SUSE Package Hub - openSUSE-2021-1173

Update Info

openSUSE-2021-1173

Security update for prosody

Type: security

Severity: moderate

Issued: 2021-08-21

Description:

This update for prosody fixes the following issues:

prosody was updated to 0.11.10:

Security:

* MUC: Fix logic for access to affiliation lists CVE-2021-37601 (boo#1188976)

    https://prosody.im/security/advisory_20210722/

Minor changes:

* prosodyctl: Add ‘limits’ to known globals to warn about misplacing it
* util.ip: Fix netmask for link-local address range
* mod_pep: Remove obsolete node restoration code
* util.pubsub: Fix traceback if node data not initialized

References

CVE: CVE-2021-37601
Bugzilla: 1188976 VUL-0: CVE-2021-37601: Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.

Packages

prosody-0.11.10-bp153.2.6.2