[Operators] Fwd: [jdev] Fwd: [Security] billion laughs attack

bear bear42 at gmail.com
Thu Jun 2 05:15:57 UTC 2011


---------- Forwarded message ----------
From: Peter Saint-Andre <stpeter at stpeter.im>
Date: Wed, Jun 1, 2011 at 13:59
Subject: [jdev] Fwd: [Security] billion laughs attack
To: Jabber/XMPP software development list <jdev at jabber.org>


FYI.

-------- Original Message --------
Subject: [Security] billion laughs attack
Date: Wed, 01 Jun 2011 11:58:13 -0600
From: Peter Saint-Andre <stpeter at stpeter.im>
Reply-To: XMPP Security <security at xmpp.org>
To: XMPP Security <security at xmpp.org>

Over the last few days, the Debian security team has announced fixes to
several XMPP server daemons to address the so-called "billion laughs"
attack:

http://lists.debian.org/debian-security-announce/2011/msg00118.html
http://lists.debian.org/debian-security-announce/2011/msg00119.html
http://lists.debian.org/debian-security-announce/2011/msg00120.html

This attack is not limited to those server daemons, and in fact applies
more generally to any XML-based application. Other XMPP software
projects (servers, clients, and libraries) might also be vulnerable, and
developers are encouraged to review their code.

Background information can be found at the following web pages:

http://www.ibm.com/developerworks/xml/library/x-tipcfsx/index.html

http://msdn.microsoft.com/en-us/magazine/ee335713.aspx

Peter

--
Peter Saint-Andre
https://stpeter.im/


-- 
Bear

bear at xmpp.org (email)
bear42 at gmail.com (xmpp, email)
bear at code-bear.com (xmpp, email)
http://code-bear.com/bearlog (weblog)

PGP Fingerprint = 9996 719F 973D B11B E111  D770 9331 E822 40B3 CD29
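
For developers reviewing their code as the message above asks, here is one defensive check, added as an example and not part of the original message or of any XMPP project's code: since the attack depends on entity declarations inside a DTD, the parser refuses any DOCTYPE or entity declaration before expansion can happen. It assumes Python's expat bindings; the function names and sample inputs are constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenXML(ValueError):
    """Raised when untrusted input carries a DTD or an entity declaration."""


def _reject_doctype(name, system_id, public_id, has_internal_subset):
    # Fires at "<!DOCTYPE", before any entity in the DTD is declared or used.
    raise ForbiddenXML(f"DOCTYPE declaration not allowed: {name!r}")


def _reject_entity(name, is_param, value, base, system_id, public_id, notation):
    # Second line of defence in case the DOCTYPE handler is ever removed.
    raise ForbiddenXML(f"entity declaration not allowed: {name!r}")


def parse_untrusted(data: bytes) -> list[str]:
    """Parse XML from an untrusted peer and return the element names seen.

    Parsing aborts with ForbiddenXML as soon as a DTD appears, so
    sender-defined entities are never expanded.
    """
    seen = []
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.EntityDeclHandler = _reject_entity
    parser.StartElementHandler = lambda name, attrs: seen.append(name)
    parser.Parse(data, True)
    return seen


def is_rejected(data: bytes) -> bool:
    """True if the input is refused because it declares a DTD or entities."""
    try:
        parse_untrusted(data)
    except ForbiddenXML:
        return True
    return False


# Constructed sample inputs (not captured traffic).
SAFE_STANZA = b"<message to='a@example.org'><body>a &amp; b</body></message>"
WITH_DTD = (b'<?xml version="1.0"?>'
            b'<!DOCTYPE m [<!ENTITY a "ha"><!ENTITY b "&a;&a;">]>'
            b"<m>&b;</m>")

if __name__ == "__main__":
    print(parse_untrusted(SAFE_STANZA), is_rejected(WITH_DTD))
```

The five predefined XML entities such as `&amp;` still parse, because they need no DTD.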