[SECURITY] [DSA 6252-1] prosody security update

From	Moritz Muehlenhoff <jmm@debian.org>
Newsgroups	linux.debian.announce.security
Subject	[SECURITY] [DSA 6252-1] prosody security update
Date	2026-05-07 21:10 +0200
Message-ID	<MScgF-3lIO-1@gated-at.bofh.it> (permalink)
Organization	linux.* mail to news gateway

Show all headers | View raw

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6252-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
May 07, 2026                          https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : prosody
CVE ID         : CVE-2026-43504 CVE-2026-43505 CVE-2026-43506
                 CVE-2026-43507

Multiple security issues were found in Prosody, a lightweight
Jabber/XMPP server, which could result in denial of service or
insufficient access control when using the SOCKS5 proxy module.

For the oldstable distribution (bookworm), these problems have been fixed
in version 0.12.3-1+deb12u1.

For the stable distribution (trixie), these problems have been fixed in
version 13.0.1-1+deb131u.

We recommend that you upgrade your prosody packages.

For the detailed security status of prosody please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/prosody

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn84PsACgkQEMKTtsN8
Tjbo0Q/+N8urOsmdRF3UVxrKo/rvECCwGyF4AKGjnoAQjVH+t+HbeSIo1OVfd5la
dbeYDp4dQX/N7ICt+D6twjn09qH1lAb21OD44Gd2jGWtvf0dHL2rzDXmehpBAW5O
q3eUHYBpeFDG6BTa3fXmuVvgKNn4UjLBBpPQwqR9JATQ0dD0GPJvEqqhqQFcoKlV
mYuF9APXaqyC96u933OeporsOAZM4ThNiAOPdObAOeQjKxGJXKBldm5Vuxg3hFbo
BY/PGrMvdeskt/X+7h27D4PtfuOHtRssOagv7s5GSr3/ZYjunHE1Q40vI+bdiD1w
gLttuKtzoTBJye2qfHyzACYSSL4IlsR65Qv9LUx5awR5Zgdex1LxdYkkC1ez/XwW
jnQM4qYAR1lB/rCb7Euas0W/fgQ+jmTI+LPxYTItgDb+6nmTAHWDOJ+mudJPtNIj
wcytEqMjyFzyl9/5nP8bCr1f8DFNV/H6zexv3FP/VS23bc920PGxArb65FUHPTAy
8Ya83UGg7hk6hp/b2tuCdVhwE/G/hpaLKHwOex0bBA2tVyObbHeKiJruMLRFCFFI
n1rSPZe1fu+gxcqwfQGBUEXeHsdPmQpX+CmxZVYGegh8VQJHTM5ACNHGlG8p9hYQ
iNPT2NKaU6LYRhyCFlxWj7yJbP7oL0A552dg9fpR/ru6dcPBhbQ=
=Eplg
-----END PGP SIGNATURE-----

Back to linux.debian.announce.security | Previous | Next | Find similar

Thread

[SECURITY] [DSA 6252-1] prosody security update Moritz Muehlenhoff <jmm@debian.org> - 2026-05-07 21:10 +0200

csiph-web