02.06.2011 03:59, Peter Saint-Andre wrote:
FYI.

-------- Original Message --------
Subject: [Security] billion laughs attack
Date: Wed, 01 Jun 2011 11:58:13 -0600
From: Peter Saint-Andre<[email protected]>
Reply-To: XMPP Security<[email protected]>
To: XMPP Security<[email protected]>

Over the last few days, the Debian security team has announced fixes to
several XMPP server daemons to address the so-called "billion laughs"
attack:

http://lists.debian.org/debian-security-announce/2011/msg00118.html
http://lists.debian.org/debian-security-announce/2011/msg00119.html
http://lists.debian.org/debian-security-announce/2011/msg00120.html

This attack is not limited to those server daemons, and in fact applies
more generally to any XML-based applications. Other XMPP software
projects (servers, clients, and libraries) might also be vulnerable, and
developers are encouraged to review their code.

Background information can be found at the following web pages:

http://www.ibm.com/developerworks/xml/library/x-tipcfsx/index.html

http://msdn.microsoft.com/en-us/magazine/ee335713.aspx

Peter

I think this should be forwarded to the operators list as well.

--
Regards,
Evgeniy Khramtsov, ProcessOne.
xmpp:[email protected].

_______________________________________________
JDev mailing list
Info: http://mail.jabber.org/mailman/listinfo/jdev
Unsubscribe: [email protected]
_______________________________________________
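
One way to carry out the code review suggested in the thread, for a Python XMPP component that parses with expat (an added example, not part of the original messages or of any project's code): RFC 6120 forbids DTD subsets in XMPP streams, so the parser can refuse DOCTYPE and entity declarations before any expansion happens. The function names and both sample streams are constructed for illustration.

```python
import xml.parsers.expat

class ForbiddenXML(Exception):
    """A DTD or entity declaration appeared in the stream."""

def make_stream_parser(on_start):
    """Build an expat parser that aborts before any entity can be defined."""
    parser = xml.parsers.expat.ParserCreate()

    def reject_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenXML("DOCTYPE declaration in stream")

    def reject_entity(name, is_param, value, base, sysid, pubid, notation):
        raise ForbiddenXML("entity declaration: " + name)

    # Runs before any declaration inside the DTD is processed.
    parser.StartDoctypeDeclHandler = reject_doctype
    # Second line of defence if the DOCTYPE handler is ever removed.
    parser.EntityDeclHandler = reject_entity
    parser.StartElementHandler = on_start
    return parser

def check_stream(chunks):
    """Feed network-sized chunks; return (accepted, reason, elements_seen)."""
    seen = []
    parser = make_stream_parser(lambda name, attrs: seen.append(name))
    try:
        for chunk in chunks:
            parser.Parse(chunk, False)  # False: the stream stays open
    except ForbiddenXML as exc:
        return False, str(exc), seen
    except xml.parsers.expat.ExpatError as exc:
        return False, "not well-formed: " + str(exc), seen
    return True, "ok", seen

# Constructed sample input: a harmless two-level nested entity definition.
NESTED = [b'<?xml version="1.0"?><!DOCTYPE s [<!ENTITY a "ha">',
          b'<!ENTITY b "&a;&a;">]><stream>&b;</stream>']
# Constructed sample input: an ordinary stream opening and one stanza.
CLEAN = [b"<stream:stream xmlns='jabber:client' to='example.org'>",
         b"<message><body>hi &amp; bye</body></message>"]

if __name__ == "__main__":
    print(check_stream(NESTED))
    print(check_stream(CLEAN))
```

The predefined entities such as `&amp;` still parse, because they need no declaration; a reference to any other entity fails as not well-formed.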
