SUSE Package Hub - openSUSE-2021-991

Update Info

openSUSE-2021-991

Security update for prosody

Type: security

Severity: moderate

Issued: 2021-07-08

Description:

This update for prosody fixes the following issues:

- Update to 0.11.9:
  * mod_limits, prosody.cfg.lua: Enable rate limits by default
  * certmanager: Disable renegotiation by default
  * mod_proxy65: Restrict access to local c2s connections by default
  * util.startup: Set more aggressive defaults for GC
  * mod_c2s, mod_s2s, mod_component, mod_bosh, mod_websockets: Set default stanza size limits
  * mod_authinternal{plain,hashed}: Use constant-time string comparison for secrets
  * mod_dialback: Remove dialback-without-dialback feature
  * mod_dialback: Use constant-time comparison with hmac
- Prosody XMPP server advisory 2021-05-12 (boo#1186027)
  * Including CVE-2021-32919, CVE-2021-32917, CVE-2021-32917, CVE-2021-32920, CVE-2021-32918

References

CVE: CVE-2021-32920
CVE: CVE-2021-32919
CVE: CVE-2021-32918
CVE: CVE-2021-32917
Bugzilla: 1186027 VUL-1: CVE-2021-32917,CVE-2021-32918,CVE-2021-32919,CVE-2021-32920,CVE-2021-32921: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)

Packages

prosody-0.11.9-bp153.2.3.1