Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 126978 - net-im/jabberd: SASL Negotiation Denial of Service Vulnerability
Summary: net-im/jabberd: SASL Negotiation Denial of Service Vulnerability
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High trivial (vote)
Assignee: Gentoo Security
URL: http://article.gmane.org/gmane.networ...
Whiteboard: ~3 [noglsa] DerCorny
Keywords:
Depends on:
Blocks:
 
Reported: 2006-03-20 09:22 UTC by Stefan Cornelius (RETIRED)
Modified: 2006-05-05 15:13 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Cornelius (RETIRED) gentoo-dev 2006-03-20 09:22:02 UTC 
This is a jabberd2s11 security release. 

This release fixes a problem where sending a <response> stanza before
an <auth> stanza during a SASL negotiation can cause a c2s segfault.

No other changes were made to the source from the s10 release.

Downloads are available here:
http://jabberstudio.org/projects/jabberd2/releases/
md5sum:67d1663ed97a5ba707d5d145b1d19c55
Comment 1 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-20 09:22:48 UTC 
net-im please bump, thx
Comment 2 Stefan Cornelius (RETIRED) gentoo-dev 2006-03-28 06:51:27 UTC 
please dont forget this one, thx
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2006-04-28 12:41:20 UTC 
net-im, about time to bump please
Comment 4 Karol Pasternak (RETIRED) gentoo-dev 2006-04-30 06:51:24 UTC 
in cvs.
Comment 5 Jason Wever (RETIRED) gentoo-dev 2006-05-03 06:10:43 UTC 
The ebuild currently in portage for this fails to emerge on ~arch system as the enewuser call is made in the src_install function, which is not allowed.  Not sure if arch keyworded versions of portage will fail this ebuild in the same way or not.
Comment 6 Thierry Carrez (RETIRED) gentoo-dev 2006-05-04 09:50:00 UTC 
weeve: maybe file another bug for this to get net-im attention...
Comment 7 Jason Wever (RETIRED) gentoo-dev 2006-05-05 15:13:10 UTC 
Koon:  I've submitted bug #132392 to cover this.