A security flaw has been found in the jabberd software package for the Fedora 16 and Fedora 17 operating systems. It allows remote attackers to bypass security restrictions.
Package: jabberd 2.x
Operating systems: Fedora 16, Fedora 17
Criticality: 5
Problem: error in a software component
Exploitation: remote
Consequence: bypassing configured restrictions
Solution: vendor software patch
CVE: CVE-2012-3525
Original advisory ID: FEDORA-2012-12481
Source: Fedora
Problem:
The flaw is caused by an error in the implementation of the XMPP protocol and manifests as inadequate validation of "Verify Response" and "Authorization Response" messages in the file s2s/out.c.
Consequence:
An attacker can exploit it to bypass configured restrictions (the Dialback protection mechanism).
Solution:
All users are advised to upgrade to the new software releases.
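The advisory names the missing check but does not show it. The following model, added here as an illustration and not taken from jabberd's s2s/out.c, contrasts a handler that trusts any valid-typed Dialback answer arriving on an outgoing stream with one that accepts an answer only if it matches a request the server actually sent (outstanding request, matching from/to domains, matching id on Verify Responses, one answer per request). The class names, domain names and stream ids are constructed for the example; jabberd's real data structures and exact control flow are not reproduced.

```python
"""Simplified model of how an XMPP server should validate Dialback (XEP-0220)
answers on an outgoing s2s stream. Illustration written for this advisory,
not jabberd code; domains, ids and state fields are constructed sample values."""
from dataclasses import dataclass, field


@dataclass
class OutStream:
    """One outgoing server-to-server stream from local_domain to remote_domain."""
    local_domain: str
    remote_domain: str
    stream_id: str
    awaiting_result: bool = False                      # we sent <db:result> and wait
    awaiting_verify: set = field(default_factory=set)  # ids of <db:verify> we sent
    authorized: bool = False


@dataclass
class DialbackResponse:
    """Parsed <db:result/> (Authorization Response) or <db:verify/> (Verify Response)."""
    element: str         # "result" or "verify"
    sender: str          # 'from' attribute
    receiver: str        # 'to' attribute
    result: str          # 'type' attribute: "valid" or "invalid"
    stream_id: str = ""  # 'id' attribute, carried by verify responses


def handle_vulnerable(stream, resp):
    """Weak handler: a valid-typed answer is trusted as soon as it arrives,
    with no check that a request is outstanding or that from/to/id match."""
    if resp.result != "valid":
        return False
    if resp.element == "result":
        stream.authorized = True
    return True


def handle_hardened(stream, resp):
    """Accept an answer only if it corresponds to a request this stream sent."""
    if resp.result not in ("valid", "invalid"):
        return False
    # The answer must name exactly the two domains of the stream it arrived on.
    if resp.sender != stream.remote_domain or resp.receiver != stream.local_domain:
        return False
    if resp.element == "result":
        if not stream.awaiting_result:
            return False                 # unsolicited Authorization Response
        stream.awaiting_result = False   # one answer per request
        if resp.result == "valid":
            stream.authorized = True
            return True
        return False
    if resp.element == "verify":
        if resp.stream_id not in stream.awaiting_verify:
            return False                 # id matches no verify we sent
        stream.awaiting_verify.discard(resp.stream_id)
        return resp.result == "valid"
    return False


def run_scenario(handler):
    """Feed the same constructed answers to a handler; return what it accepted."""
    out = {}
    # Legitimate: a <db:result> was sent on this stream and the answer matches it.
    s1 = OutStream("example.com", "partner.example", "s1", awaiting_result=True)
    out["legit_result"] = handler(
        s1, DialbackResponse("result", "partner.example", "example.com", "valid"))
    # Unsolicited: nothing was sent on this stream, yet a valid answer arrives.
    s2 = OutStream("example.com", "partner.example", "s2")
    out["unsolicited_result"] = handler(
        s2, DialbackResponse("result", "partner.example", "example.com", "valid"))
    # Domain mismatch: the answer claims a sender other than the stream's peer.
    s3 = OutStream("example.com", "partner.example", "s3", awaiting_result=True)
    out["wrong_domain"] = handler(
        s3, DialbackResponse("result", "other.example", "example.com", "valid"))
    # Verify Response whose id matches no <db:verify> we sent, then one that does.
    s4 = OutStream("example.com", "auth.example", "s4", awaiting_verify={"v-123"})
    out["stale_verify"] = handler(
        s4, DialbackResponse("verify", "auth.example", "example.com", "valid", "v-999"))
    out["good_verify"] = handler(
        s4, DialbackResponse("verify", "auth.example", "example.com", "valid", "v-123"))
    return out


if __name__ == "__main__":
    print("vulnerable:", run_scenario(handle_vulnerable))
    print("hardened:  ", run_scenario(handle_hardened))
```

Run stand-alone, the weak handler accepts all five answers, while the hardened one accepts only the two that match an outstanding request; the three rejected cases are the unsolicited and mismatched answers that the XMPP security notice describes as the route to bypassing Dialback.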
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12481
2012-08-22 20:34:47
--------------------------------------------------------------------------------
Name : jabberd
Product : Fedora 16
Version : 2.2.14
Release : 4.fc16
URL : http://codex.xiaoka.com/wiki/jabberd2:start
Summary : OpenSource server implementation of the Jabber protocols
Description :
The jabberd project aims to provide an open-source server implementation of
the Jabber protocols for instant messaging and XML routing. The goal of this
project is to provide a scalable, reliable, efficient and extensible server
that provides a complete set of features and is up to date with the latest
protocol revisions.
jabberd2 is the next generation of the jabberd server. It has been
rewritten from the ground up to be scalable, architecturally sound, and to
support the latest protocol extensions coming out of the JSF.
This package defaults to use pam and sqlite.
--------------------------------------------------------------------------------
Update Information:
included patch for "Vulnerability in XMPP Server Dialback Implementations"
http://xmpp.org/resources/security-notices/server-dialback/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 22 2012 Adrian Reber <e-mail address hidden> - 2.2.14-4
- included patch for "Vulnerability in XMPP Server Dialback Implementations"
http://xmpp.org/resources/security-notices/server-dialback/
* Tue Jul 24 2012 Adrian Reber <e-mail address hidden> - 2.2.14-3
- fixes "service jabberd restart fails on stopping s2s" (#730967)
* Fri Jan 13 2012 Fedora Release Engineering <e-mail address hidden> - 2.2.14-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #850872 - CVE-2012-3525 jabberd: Prone to unsolicited XMPP Dialback attacks
https://bugzilla.redhat.com/show_bug.cgi?id=850872
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update jabberd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
<list e-mail address hidden>
https://admin.fedoraproject.org/mailman/listinfo/package-announce
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12487
2012-08-22 20:35:11
--------------------------------------------------------------------------------
Name : jabberd
Product : Fedora 17
Version : 2.2.14
Release : 4.fc17
URL : http://codex.xiaoka.com/wiki/jabberd2:start
Summary : OpenSource server implementation of the Jabber protocols
Description :
The jabberd project aims to provide an open-source server implementation of
the Jabber protocols for instant messaging and XML routing. The goal of this
project is to provide a scalable, reliable, efficient and extensible server
that provides a complete set of features and is up to date with the latest
protocol revisions.
jabberd2 is the next generation of the jabberd server. It has been
rewritten from the ground up to be scalable, architecturally sound, and to
support the latest protocol extensions coming out of the JSF.
This package defaults to use pam and sqlite.
--------------------------------------------------------------------------------
Update Information:
included patch for "Vulnerability in XMPP Server Dialback Implementations"
http://xmpp.org/resources/security-notices/server-dialback/
--------------------------------------------------------------------------------
ChangeLog:
* Wed Aug 22 2012 Adrian Reber <e-mail address hidden> - 2.2.14-4
- included patch for "Vulnerability in XMPP Server Dialback Implementations"
http://xmpp.org/resources/security-notices/server-dialback/
* Tue Jul 24 2012 Adrian Reber <e-mail address hidden> - 2.2.14-3
- fixes "service jabberd restart fails on stopping s2s" (#730967)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #850872 - CVE-2012-3525 jabberd: Prone to unsolicited XMPP Dialback attacks
https://bugzilla.redhat.com/show_bug.cgi?id=850872
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update jabberd' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------