--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-455803056d
2018-06-09 19:45:50.208370
--------------------------------------------------------------------------------
Name : prosody
Product : Fedora 27
Version : 0.10.2
Release : 1.fc27
URL :
https://prosody.im/
Summary : Flexible communications server for Jabber/XMPP
Description :
Prosody is a flexible communications server for Jabber/XMPP written in Lua.
It aims to be easy to use, and light on resources. For developers it aims
to be easy to extend and give a flexible system on which to rapidly develop
added functionality, or prototype new protocols.
--------------------------------------------------------------------------------
Update Information:
Prosody 0.10.2 ============== See upstream's blog post at
https://blog.prosody.im/prosody-0-10-2-security-release/ for a full overview of
the release changes. Prosody 0.10.2 fixes a cross-host authentication
vulnerability, CVE-2018-10847. The issue affects Prosody instances that have
multiple virtual hosts (including anonymous authenticated hosts). All versions
of Prosody before 0.9.14 and 0.10.2 are affected. A full security advisory is
available at
https://prosody.im/security/advisory_20180531 Security --------
* mod_c2s: Do not allow the stream ���to��� to change across stream restarts (fixes
#1147) Minor changes ------------- * mod_websocket: Store the request object
on the session for use by other modules (fixes #1153) * mod_c2s: Avoid
concatenating potential nil value (fixes #753) * core.certmanager: Allow all
non-whitespace in service name (fixes #1019) * mod_disco: Skip code specific
to disco on user accounts (avoids invoking usermanager, fixes #1150) *
mod_bosh: Store the normalized hostname on session (fixes #1151) * MUC: Fix
error logged when no persistent rooms present (fixes #1154) Dowstream
---------- * Changed log rotation from weekly/52 to local system defaults
--------------------------------------------------------------------------------
ChangeLog:
* Thu May 31 2018 Robert Scheck <robert(a)fedoraproject.org> 0.10.2-1
- Upgrade to 0.10.2 (#1584801)
- Changed log rotation from weekly/52 to local system defaults
* Tue May 15 2018 Robert Scheck <robert(a)fedoraproject.org> 0.10.1-1
- Upgrade to 0.10.1 (#1578371)
* Fri Feb 9 2018 Fedora Release Engineering <releng(a)fedoraproject.org> - 0.10.0-2
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1584801 - CVE-2018-10847 prosody: cross-host authentication vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=1584801
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-455803056d' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------