openSUSE-SU-2021:1173-1

Опубликовано: 20 авг. 2021

Источник: suse-cvrf

Описание

Security update for prosody

This update for prosody fixes the following issues:

prosody was updated to 0.11.10:

Security:

MUC: Fix logic for access to affiliation lists CVE-2021-37601 (boo#1188976)

https://prosody.im/security/advisory_20210722/

Minor changes:

prosodyctl: Add ‘limits’ to known globals to warn about misplacing it
util.ip: Fix netmask for link-local address range
mod_pep: Remove obsolete node restoration code
util.pubsub: Fix traceback if node data not initialized

Список пакетов

SUSE Package Hub 15 SP3

prosody-0.11.10-bp153.2.6.2

openSUSE Leap 15.3

prosody-0.11.10-bp153.2.6.2

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/AFQIQ2726F5P4HAPY7BLDPPFSDMPRVNM/
E-Mail link for openSUSE-SU-2021:1173-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1188976
SUSE Bug 1188976
https://www.suse.com/security/cve/CVE-2021-37601/
SUSE CVE CVE-2021-37601 page

Описание

muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive information (list of admins, members, owners, and banned entities of a Multi-User chat room) in some common configurations.

Затронутые продукты

SUSE Package Hub 15 SP3:prosody-0.11.10-bp153.2.6.2

openSUSE Leap 15.3:prosody-0.11.10-bp153.2.6.2

Ссылки

https://www.suse.com/security/cve/CVE-2021-37601.html
CVE-2021-37601
https://bugzilla.suse.com/1188976
SUSE Bug 1188976

openSUSE-SU-2021:1173-1

Описание

Список пакетов

SUSE Package Hub 15 SP3

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-37601

Описание

Затронутые продукты

Ссылки