Jump to content
Compatible Support Forums
Sign in to follow this  
news

[SECURITY] [DLA 881-1] ejabberd security update

Recommended Posts

Package : ejabberd

Version : 2.1.10-4+deb7u2

CVE ID : CVE-2014-8760

Debian Bug : 767521 767535

 

It was found that ejabberd does not enforce the starttls_required

setting when compression is used, which causes clients to establish

connections without encryption.

 

For Debian 7 "Wheezy", this problem has been fixed in version

2.1.10-4+deb7u2.

 

This update also disables the insecure SSLv3.

 

We recommend that you upgrade your ejabberd packages.

 

Further information about Debian LTS security advisories, how to apply

these updates to your system and frequently asked questions can be

found at: https://wiki.debian.org/LTS

 

 

Share this post


Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  

×