Gentoo Bug 217234 - net-im/openfire <3.5.0 Denial of Service (CVE-2008-1728)

First Last Prev Next No search results available Search page Enter new bug

Bug#:	217234
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 217234 depends on:			Show dependency tree
Bug 217234 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2008-04-10 23:23 0000

Secunia:

DESCRIPTION:
A vulnerability has been reported in Openfire, which can be exploited
by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an unspecified error and can be
exploited to cause a DoS.

The vulnerability is reported in version 3.4.5. Other versions may
also be affected.

SOLUTION:
Update to version 3.5.0.

ORIGINAL ADVISORY:
http://www.igniterealtime.org/issues/browse/JM-1289

------- Comment #1 From Robert Buchholz 2008-04-10 23:24:26 0000 -------

3.5.0 is already in the tree, good to go stable?

------- Comment #2 From Robert Buchholz 2008-04-12 16:56:27 0000 -------

Vulnerability: It cannot handle clients that fail to read 
messages, and has no limit on their session's send buffer.

http://www.igniterealtime.org/fisheye/changelog/svn-org?cs=10031

------- Comment #3 From Robert Buchholz 2008-04-14 02:11:33 0000 -------

net-irc/humpback, is 3.5.0_rc1 good to go stable?

------- Comment #4 From Robert Buchholz 2008-04-15 22:57:58 0000 -------

Arches, please test and mark stable:
=net-im/openfire-3.5.0
Target keywords : "amd64 release x86"

------- Comment #5 From Markus Meier 2008-04-17 01:01:09 0000 -------

amd64/x86 stable, last arches.

------- Comment #6 From Matthias Geerdsen 2008-04-17 10:36:21 0000 -------

ready for GLSA vote

/me votes yes

------- Comment #7 From Tobias Heinlein 2008-04-17 20:08:44 0000 -------

Voting YES as well and filing request.

------- Comment #8 From Peter Volkov 2008-04-21 08:09:13 0000 -------

Fixed in release snapshot.

------- Comment #9 From Robert Buchholz 2008-04-23 16:38:05 0000 -------

GLSA 200804-26

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 217234

net-im/openfire <3.5.0 Denial of Service (CVE-2008-1728)

Last modified: 2008-04-23 16:38:05 0000