Bug 1153839 (CVE-2014-8760) - CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption
Summary: CVE-2014-8760 ejabberd: clients can unexpectedly connect without encryption
Status: NEW
Alias: CVE-2014-8760
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20141013,repor...
Keywords: Security
Depends On: 1153840 1153841 1153842
Blocks: 1153843
TreeView+ depends on / blocked
 
Reported: 2014-10-16 23:58 UTC by Murray McAllister
Modified: 2018-05-31 21:51 UTC (History)
5 users (show)

(edit)
Clone Of:
(edit)
Last Closed:


Attachments (Terms of Use)

Description Murray McAllister 2014-10-16 23:58:29 UTC
It was reported that clients could unexpectedly connect without encryption:

http://mail.jabber.org/pipermail/operators/2014-October/002438.html

Upstream fix (master):

https://github.com/processone/ejabberd/commit/7bdc1151b

References:
http://seclists.org/oss-sec/2014/q4/312

Comment 1 Murray McAllister 2014-10-16 23:59:15 UTC
Created ejabberd tracking bugs for this issue:

Affects: fedora-all [bug 1153840]
Affects: epel-5 [bug 1153841]
Affects: epel-6 [bug 1153842]


Note You need to log in before you can comment on or make changes to this bug.