Executive Summary

Titleprosody-modules security update
NameDSA-4612First vendor Publication2020-01-31
VendorDebianLast vendor Modification2020-01-31
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base ScoreN/AAttack RangeN/A
Cvss Impact ScoreN/AAttack ComplexityN/A
Cvss Expoit ScoreN/AAuthenticationN/A
Calculate full CVSS 2.0 Vectors scores


It was discovered that the LDAP authentication modules for the Prosody Jabber/XMPP server incorrectly validated the XMPP address when checking whether a user has admin access.

For the oldstable distribution (stretch), this problem has been fixed in version 0.0~hg20170123.3ed504b944e5+dfsg-1+deb9u1.

For the stable distribution (buster), this problem has been fixed in version 0.0~hg20190203.b54e98d5c4a1+dfsg-1+deb10u1.

We recommend that you upgrade your prosody-modules packages.

For the detailed security status of prosody-modules please refer to its security tracker page at: https://security-tracker.debian.org/tracker/prosody-modules

Original Source

Url : http://www.debian.org/security/2020/dsa-4612

Alert History

If you want to see full details history, please login or register.
2020-02-01 00:17:44
  • First insertion