The undocumented option ‘dialback_without_dialback’ enabled an experimental feature for server-to-server authentication. A flaw in this feature meant it did not correctly authenticate remote servers, allowing a remote server to impersonate another server when this option is enabled. The default configuration is not affected. Configurations with the setting ‘dialback_without_dialback’ set to true are affected.
Reference: https://prosody.im/security/advisory_20210512/
Created prosody tracking bugs for this issue: Affects: fedora-all [bug 1960341]
Well, this also affects epel-all
Created prosody tracking bugs for this issue: Affects: epel-all [bug 1960355]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
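To check whether a deployment carries the affected setting named in the description above, the following added example (not code from Prosody or from this bug report) scans the text of a Lua configuration file for an active `dialback_without_dialback = true`, skipping commented-out lines. The sample configuration is constructed, and the function names, the section handling for `VirtualHost`/`Component` lines, and the "last assignment wins" rule are assumptions of this sketch.

```python
import re
import sys

# Assignment of the option to any bare word (true/false); trailing ';' is allowed.
OPTION_RE = re.compile(r'^\s*dialback_without_dialback\s*=\s*(\w+)')
# Section headers as they appear in a Prosody config file.
SECTION_RE = re.compile(r'^\s*(VirtualHost|Component)\s*\(?\s*["\']([^"\']+)["\']')

def strip_lua_comments(text):
    """Blank out --[[ ]] blocks and -- line comments, preserving line numbers.
    Simplification: '--' inside a string literal is also treated as a comment."""
    text = re.sub(r'--\[\[.*?\]\]',
                  lambda m: '\n' * m.group(0).count('\n'), text, flags=re.S)
    return [re.sub(r'--.*$', '', line) for line in text.split('\n')]

def find_enabled(config_text):
    """Return [(section, line_no)] where the final assignment in that section is true."""
    scope, state = "global", {}
    for no, line in enumerate(strip_lua_comments(config_text), start=1):
        sec = SECTION_RE.match(line)
        if sec:
            scope = f'{sec.group(1)} "{sec.group(2)}"'
            continue
        opt = OPTION_RE.match(line)
        if opt:
            state[scope] = (no, opt.group(1))  # a later assignment overrides an earlier one
    return [(s, no) for s, (no, val) in state.items() if val == "true"]

# Constructed sample configuration, for illustration only.
SAMPLE = '''\
-- dialback_without_dialback = true   (commented out, not active)
modules_enabled = { "dialback" }
--[[
dialback_without_dialback = true
]]
VirtualHost "example.com"
    dialback_without_dialback = true
VirtualHost "example.org"
    dialback_without_dialback = false
'''

if __name__ == "__main__":
    # Pass a config file path as the first argument, or run against the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for section, line_no in find_enabled(text):
        print(f"AFFECTED: dialback_without_dialback = true in {section} (line {line_no})")
```

An empty result means no active assignment to `true` was found in the text given; files pulled in from other locations have to be checked separately.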