Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 18 Jan 2022 17:05:50 +0100
From: Jonas Schäfer <jonas@...licki.name>
To: oss-security@...ts.openwall.com
Subject: Re: Prosody XMPP server advisory 2022-01-13 (Remote Unauthenticated Denial of Service) (CVE request)

On Donnerstag, 13. Januar 2022 15:01:11 CET Jonas Schäfer wrote:
> A remote unauthenticated denial of service / resource exhaustion attack was
> discovered in all Prosody servers with WebSockets enabled and publicly
> accessible.
> 
> Upstream builds have been started and should be available shortly. The
> closely related Snikket project will publish new images shortly, too. Jitsi
> Meet have been informed ahead of time.
> 
> Please see the below advisory for full information.

As promised, attached you'll find instructions for probing for the 
vulnerability.

kind regards,
Jonas
View attachment "instructions.md" of type "text/markdown" (1695 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.