http://bugzilla.opensuse.org/show_bug.cgi?id=1092882

Bug ID: 1092882
Summary: VUL-0: CVE-2017-18265: prosody: denial of service related to an incompatibility with certain versions of the LuaSocket library
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.3
Hardware: Other
URL: https://smash.suse.de/issue/205473/
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: Mathias.Homann@opensuse.org
Reporter: abergmann@suse.com
QA Contact: security-team@suse.de
CC: mvetter@suse.com
Found By: Security Response Team
Blocker: ---

CVE-2017-18265

Prosody before 0.10.0 allows remote attackers to cause a denial of service (application crash), related to an incompatibility with certain versions of the LuaSocket library, such as the lua-socket package from Debian stretch. The attacker needs to trigger a stream error. A crash can be observed in, for example, the c2s module.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-18265
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875829
http://www.debian.org/security/2018/dsa-4198
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18265
https://hg.prosody.im/0.9/rev/176b7f4e4ac9
https://prosody.im/issues/issue/987
https://hg.prosody.im/0.9/rev/adfffc5b4e2a