Bug#585832: marked as done (ejabberd: denial of service via looping error stansa)

Tue, 03 Aug 2010 10:51:31 -0700 

Your message dated Tue, 3 Aug 2010 21:33:51 +0400
with message-id <[email protected]>
and subject line Close ejabberd bugs 585832 and 587638
has caused the Debian Bug report #585832,
regarding ejabberd: denial of service via looping error stansa
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
585832: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585832
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: ejabberd
Version: 2.1.3-2
Severity: important
Tags: patch


If mod_muc is enabled, its possible to cause a error stansa loop that can cause
a denial of service and 100% cpu usage on the machine. This is currently fixed
in 2.1.4 by ticket EJAB-930 on Process One's support site:

https://support.process-one.net/browse/EJAB-930

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.28.4-xxxx-std-ipv6-64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages ejabberd depends on:
ii  adduser                 3.112            add and remove users and groups
ii  debconf [debconf-2.0]   1.5.32           Debian configuration management sy
ii  erlang-asn1             1:13.b.4-dfsg-5  Erlang/OTP modules for ASN.1 suppo
ii  erlang-base [erlang-abi 1:13.b.4-dfsg-5  Erlang/OTP virtual machine and bas
ii  erlang-crypto           1:13.b.4-dfsg-5  Erlang/OTP cryprographic modules
ii  erlang-inets            1:13.b.4-dfsg-5  Erlang/OTP Internet clients and se
ii  erlang-mnesia           1:13.b.4-dfsg-5  Erlang/OTP distributed relational/
ii  erlang-odbc             1:13.b.4-dfsg-5  Erlang/OTP interface to SQL databa
ii  erlang-ssl              1:13.b.4-dfsg-5  Erlang/OTP implementation of SSL
ii  erlang-syntax-tools     1:13.b.4-dfsg-5  Erlang/OTP modules for handling ab
ii  libc6                   2.11.1-3         Embedded GNU C Library: Shared lib
ii  libexpat1               2.0.1-7          XML parsing C library - runtime li
ii  libpam0g                1.1.1-3          Pluggable Authentication Modules l
ii  libssl0.9.8             0.9.8n-1         SSL shared libraries
ii  openssl                 0.9.8n-1         Secure Socket Layer (SSL) binary a
ii  ucf                     3.0025           Update Configuration File: preserv
ii  zlib1g                  1:1.2.3.4.dfsg-3 compression library - runtime

ejabberd recommends no packages.

Versions of packages ejabberd suggests:
pn  imagemagick | graphicsmagick- <none>     (no description available)
ii  libunix-syslog-perl           1.1-2      Perl interface to the UNIX syslog(

-- Configuration Files:
/etc/ejabberd/inetrc [Errno 13] Permission denied: u'/etc/ejabberd/inetrc'

-- debconf information:
  ejabberd/nomatch:
* ejabberd/user: nikdoof
* ejabberd/hostname: syndicate.tensixtyone.com

--- End Message ---
--- Begin Message --- 
Version: 2.1.4-1

This bug is fixed in 2.1.4 which was uploaded in sid.

--- End Message ---

Reply via email to