A remotely exploitable DoS from an XMPP client to an ejabberd server via a flood of "client2server" messages (causing the message queue on the server to get overloaded, leading to a server crash) has been found.

Track of the incident:
https://support.process-one.net/browse/EJAB-1173

Upstream patches against v2.1:
https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/configure?r1=2688&r2=2936&u&N
https://forge.process-one.net/rdiff/ejabberd/branches/ejabberd-2.1.x/src/ejabberd_c2s.erl?r1=2911&r2=2936&u&N

CVE Request:
http://www.openwall.com/lists/oss-security/2010/01/29/1
This issue affects the latest versions of the ejabberd package, as shipped with Fedora 11 (ejabberd-2.1.1-1.fc11) and 12 (ejabberd-2.1.1-1.fc12). This issue affects the latest version of the ejabberd package, as shipped with the EPEL-5 project (ejabberd-2.0.5-8.el5). Please fix.
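The failure mode in the report is a per-connection inbound queue that grows without limit when a client sends stanzas faster than the server processes them. The added example below (written for this page; it is not ejabberd's code and does not reproduce the upstream patch) models the standard defence in Python: a token-bucket shaper that caps how fast one session's stanzas are processed, plus a hard bound on the pending queue that closes the session instead of letting the queue grow. The `max_queue`, `rate` and `burst` values and the stanza strings are constructed for the simulation. The reference to ejabberd's `max_fsm_queue` option in the comments is from ejabberd's own documentation, not from this report, and the example does not claim to match its semantics.

```python
"""Bounded per-session inbound queue with a token-bucket shaper.

Added example, not ejabberd's code. It shows why an unbounded queue is
a DoS sink and what a bound plus a shaper change. ejabberd exposes a
similar queue-size limit as the `max_fsm_queue` option (name taken from
ejabberd's documentation, assumption: its exact semantics may differ).
"""
from collections import deque


class TokenBucket:
    """Traffic shaper: at most `rate` stanzas/second, bursts up to `burst`."""

    def __init__(self, rate: float, burst: int) -> None:
        self.rate, self.burst = rate, burst
        self.tokens = float(burst)
        self.last = 0.0

    def take(self, now: float) -> bool:
        elapsed = now - self.last
        self.last = now
        self.tokens = min(float(self.burst), self.tokens + elapsed * self.rate)
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class C2SSession:
    """One client-to-server session holding stanzas not yet processed."""

    def __init__(self, max_queue, rate: float = 10.0, burst: int = 20) -> None:
        self.max_queue = max_queue          # None models the unbounded (vulnerable) case
        self.shaper = TokenBucket(rate, burst)
        self.queue: deque = deque()
        self.closed = False
        self.processed = 0
        self.peak_queue = 0

    def receive(self, stanza: str) -> bool:
        """Enqueue an inbound stanza; close the session if the bound is exceeded."""
        if self.closed:
            return False
        self.queue.append(stanza)
        self.peak_queue = max(self.peak_queue, len(self.queue))
        if self.max_queue is not None and len(self.queue) > self.max_queue:
            # Hard bound: discard the backlog and drop this client rather than
            # let one connection exhaust server memory.
            self.queue.clear()
            self.closed = True
            return False
        return True

    def process(self, now: float) -> int:
        """Drain as many queued stanzas as the shaper permits at time `now`."""
        drained = 0
        while self.queue and self.shaper.take(now):
            self.queue.popleft()
            self.processed += 1
            drained += 1
        return drained


def simulate_flood(n_stanzas: int, max_queue, rate: float = 10.0,
                   burst: int = 20, ticks: int = 5) -> dict:
    """Deliver `n_stanzas` in one burst at t=0, then run `ticks` one-second
    processing rounds. Returns the session's final state (constructed scenario)."""
    session = C2SSession(max_queue, rate, burst)
    for i in range(n_stanzas):
        session.receive(f"<message id='{i}'/>")   # constructed stanzas
    for t in range(ticks):
        session.process(now=float(t))
    return {
        "closed": session.closed,
        "processed": session.processed,
        "pending": len(session.queue),
        "peak_queue": session.peak_queue,
    }


if __name__ == "__main__":
    print("unbounded :", simulate_flood(1000, max_queue=None))
    print("bounded   :", simulate_flood(1000, max_queue=500))
    print("normal use:", simulate_flood(5, max_queue=500))
```

With no bound, a burst of 1000 stanzas leaves 940 pending after five seconds and the backlog peaks at the full 1000; the shaper alone only slows processing, it does not cap memory. With `max_queue=500` the session is closed as soon as the 501st stanza arrives and nothing is left queued, while a well-behaved client sending a handful of stanzas is unaffected. The detection angle is the same signal: sessions that hit the bound (or are closed by it) are worth logging per client and per IP.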
ejabberd-2.1.2-2.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/ejabberd-2.1.2-2.fc12
ejabberd-2.1.2-2.fc11 has been submitted as an update for Fedora 11. http://admin.fedoraproject.org/updates/ejabberd-2.1.2-2.fc11
This is CVE-2010-0305.
ejabberd-2.1.2-2.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.
ejabberd-2.1.2-2.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
*** Bug 559890 has been marked as a duplicate of this bug. ***
*** Bug 559909 has been marked as a duplicate of this bug. ***