Bug 126978

Summary: net-im/jabberd: SASL Negotiation Denial of Service Vulnerability
Product: Gentoo Security
Reporter: Stefan Cornelius (RETIRED) <dercorny>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: net-im, weeve
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://article.gmane.org/gmane.network.jabber.admin/27372
Whiteboard: ~3 [noglsa] DerCorny
Package list:
Runtime testing required: ---

Description Stefan Cornelius (RETIRED) gentoo-dev 2006-03-20 09:22:02 UTC
This is a jabberd2s11 security release. 

This release fixes a problem where sending a <response> stanza before
an <auth> stanza during a SASL negotiation can cause a c2s segfault.

No other changes were made to the source from the s10 release.

Downloads are available here:
http://jabberstudio.org/projects/jabberd2/releases/
md5sum:67d1663ed97a5ba707d5d145b1d19c55
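
The ordering problem in the description above, shown as an added example that is not part of the bug report or of jabberd2's source: a stanza handler that checks negotiation state before touching per-connection SASL data, so a <response> arriving before <auth> is rejected. The names struct conn and sasl_handle are hypothetical, and the example assumes the mechanism context is only allocated once <auth> has been accepted.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical per-connection SASL state; not jabberd2's real structures. */
enum sasl_state { SASL_IDLE, SASL_IN_PROGRESS };
enum sasl_result { SASL_OK, SASL_REJECTED };

struct conn {
    enum sasl_state state;
    char *mech;  /* assumption: allocated only once <auth> is accepted */
    int steps;   /* number of <response> stanzas processed */
};

/* Handle one SASL element; check negotiation state before using c->mech. */
enum sasl_result sasl_handle(struct conn *c, const char *elem, const char *arg)
{
    if (arg == NULL) return SASL_REJECTED;
    if (strcmp(elem, "auth") == 0) {
        if (c->state != SASL_IDLE)
            return SASL_REJECTED;          /* second <auth> mid-negotiation */
        c->mech = malloc(strlen(arg) + 1);
        if (c->mech == NULL) return SASL_REJECTED;
        strcpy(c->mech, arg);
        c->state = SASL_IN_PROGRESS;
        return SASL_OK;
    }
    if (strcmp(elem, "response") == 0) {
        /* Guard: a <response> sent first must not reach code that needs c->mech. */
        if (c->state != SASL_IN_PROGRESS || c->mech == NULL)
            return SASL_REJECTED;
        c->steps++;
        return SASL_OK;
    }
    return SASL_REJECTED;                  /* unknown element */
}

int main(void)
{
    /* Constructed stanza sequence: the out-of-order <response> comes first. */
    const char *seq[][2] = { {"response", "cmVzcA=="}, {"auth", "DIGEST-MD5"},
                             {"response", "cmVzcA=="} };
    struct conn c = { SASL_IDLE, NULL, 0 };
    for (size_t i = 0; i < sizeof seq / sizeof seq[0]; i++)
        printf("<%s> -> %s\n", seq[i][0],
               sasl_handle(&c, seq[i][0], seq[i][1]) == SASL_OK ? "ok" : "rejected");
    free(c.mech);
    return 0;
}
```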
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-20 09:22:48 UTC
net-im please bump, thx
Comment 2 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-28 06:51:27 UTC
please don't forget this one, thx
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2006-04-28 12:41:20 UTC
net-im, about time to bump please
Comment 4 Karol Pasternak (RETIRED) gentoo-dev 2006-04-30 06:51:24 UTC
in cvs.
Comment 5 Jason Wever (RETIRED) gentoo-dev 2006-05-03 06:10:43 UTC
The ebuild currently in portage for this fails to emerge on a ~arch system as the enewuser call is made in the src_install function, which is not allowed. Not sure if arch keyworded versions of portage will fail this ebuild in the same way or not.
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2006-05-04 09:50:00 UTC
weeve: maybe file another bug for this to get net-im attention...
Comment 7 Jason Wever (RETIRED) gentoo-dev 2006-05-05 15:13:10 UTC
Koon: I've submitted bug #132392 to cover this.