File _patchinfo of Package patchinfo.16410
<patchinfo incident="16410">
<issue tracker="bnc" id="1186027">VUL-1: CVE-2021-32917,CVE-2021-32918,CVE-2021-32919,CVE-2021-32920,CVE-2021-32921: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)</issue>
<issue tracker="cve" id="2021-32917"/>
<issue tracker="cve" id="2021-32920"/>
<issue tracker="cve" id="2021-32919"/>
<issue tracker="cve" id="2021-32918"/>
<packager>jubalh</packager>
<rating>moderate</rating>
<category>security</category>
<summary>Security update for prosody</summary>
<description>This update for prosody fixes the following issues:
- Update to 0.11.9:
* mod_limits, prosody.cfg.lua: Enable rate limits by default
* certmanager: Disable renegotiation by default
* mod_proxy65: Restrict access to local c2s connections by default
* util.startup: Set more aggressive defaults for GC
* mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
* mod_auth_internal_{plain,hashed}: Use constant-time string comparison for secrets
* mod_dialback: Remove dialback-without-dialback feature
* mod_dialback: Use constant-time comparison with hmac
- Prosody XMPP server advisory 2021-05-12 (boo#1186027)
* Including CVE-2021-32919, CVE-2021-32917, CVE-2021-32920, CVE-2021-32918
</description>
</patchinfo>