Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 2775-1] ejabberd security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 2775-1] ejabberd security update


Chronologisch Thread 
  • From: Thijs Kinkhorst <thijs AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 2775-1] ejabberd security update
  • Date: Thu, 10 Oct 2013 19:29:34 +0200 (CEST)
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
  • Old-return-path: <thijs AT kinkhorst.com>
  • Priority: urgent
  • Resent-date: Thu, 10 Oct 2013 17:29:54 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <tcKGpcmdigN.A.XjE.SQuVSB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2775-1 security AT debian.org
http://www.debian.org/security/ Thijs Kinkhorst
October 10, 2013 http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : ejabberd
Vulnerability : insecure SSL usage
Problem type : remote
Debian-specific: no
Debian Bug : 722105

It was discovered that ejabberd, a Jabber/XMPP server, uses SSLv2 and
weak ciphers for communication, which are considered insecure. The
software offers no runtime configuration options to disable these. This
update disables the use of SSLv2 and weak ciphers.

The updated package for Debian 7 (wheezy) also contains auxiliary
bugfixes originally staged for the next stable point release.

For the oldstable distribution (squeeze), this problem has been fixed in
version 2.1.5-3+squeeze2.

For the stable distribution (wheezy), this problem has been fixed in
version 2.1.10-4+deb7u1.

For the testing distribution (jessie), and unstable distribution (sid),
this problem will be fixed soon.

We recommend that you upgrade your ejabberd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQEcBAEBAgAGBQJSVuPYAAoJEFb2GnlAHawE5KQIAI4W5gLNB2Z2qLG53SU25OTr
El4qltM8AXRQGTaacAVTD+0uz83968lDadvyMTeRiXCh2ScrFzJsrNmPrBgYbFb8
TAwtZDvo2sY/fhsSbECO/9LzopWlC5a4ry14xFC2ta5GEfx+z4RW8R5YHvS5bc1U
k3fSK1egJt4T9aW+pNvPLDU27qOxNtyoyE8b1LMWyzFmlE5ePy7lroXpolviSU0D
qMGGTHeZAPDRVzvHZiWoYs2uEkVich7x8lZB2sufrXkvJbwKkqHpnQ9fMx7+RGJe
2vPAqMmmnEWHgMOcYuEVoQD1BMTyDko3sF4D7BDmbYMAPp/KFfYDbnjjpv1sziI=
=fCbm
-----END PGP SIGNATURE-----


--
To UNSUBSCRIBE, email to debian-security-announce-REQUEST AT lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster AT lists.debian.org
Archive: 20131010172934.6521B59921 AT kinkhorst.com">http://lists.debian.org/20131010172934.6521B59921 AT kinkhorst.com




  • [IT-SecNots] [SECURITY] [DSA 2775-1] ejabberd security update, Thijs Kinkhorst, 10.10.2013

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang