Date: Tue, 18 Jan 2022 17:05:50 +0100 From: Jonas Schäfer <jonas@...licki.name> To: oss-security@...ts.openwall.com Subject: Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request) On Donnerstag, 13. Januar 2022 15:01:11 CET Jonas Schäfer wrote: > A remote unauthenticated denial of service / resource exhaustion attack was > discovered in all Prosody servers with WebSockets enabled and publicly > accessible. > > Upstream builds have been started and should be available shortly. The > closely related Snikket project will publish new images shortly, too. Jitsi > Meet have been informed ahead of time. > > Please see the below advisory for full information. As promised, attached you'll find instructions for probing for the vulnerability. kind regards, Jonas View attachment "instructions.md" of type "text/markdown" (1695 bytes) Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.