---------- Forwarded message ---------- From: Peter Saint-Andre <[email protected]> Date: Wed, Jun 1, 2011 at 13:59 Subject: [jdev] Fwd: [Security] billion laughs attack To: Jabber/XMPP software development list <[email protected]>
FYI. -------- Original Message -------- Subject: [Security] billion laughs attack Date: Wed, 01 Jun 2011 11:58:13 -0600 From: Peter Saint-Andre <[email protected]> Reply-To: XMPP Security <[email protected]> To: XMPP Security <[email protected]> Over the last few days, the Debian security team has announced fixes to several XMPP server daemons to address the so-called "billion laughs" attack: http://lists.debian.org/debian-security-announce/2011/msg00118.html http://lists.debian.org/debian-security-announce/2011/msg00119.html http://lists.debian.org/debian-security-announce/2011/msg00120.html This attack is not limited to those server daemons, and in fact applies more generally to any XML-based applications. Other XMPP software projects (servers, clients, and libraries) might also vulnerable, and developers are encouraged to review their code. Background information can be found at the following web pages: http://www.ibm.com/developerworks/xml/library/x-tipcfsx/index.html http://msdn.microsoft.com/en-us/magazine/ee335713.aspx Peter -- Peter Saint-Andre https://stpeter.im/ _______________________________________________ JDev mailing list Info: http://mail.jabber.org/mailman/listinfo/jdev Unsubscribe: [email protected] _______________________________________________ -- Bear [email protected] (email) [email protected] (xmpp, email) [email protected] (xmpp, email) http://code-bear.com/bearlog (weblog) PGP Fingerprint = 9996 719F 973D B11B E111 D770 9331 E822 40B3 CD29
smime.p7s
Description: S/MIME cryptographic signature
