[Security] Security Notice: Uncontrolled Resource Consumption with Highly-Compressed XMPP Stanzas

Peter Saint-Andre stpeter at stpeter.im
Fri Apr 4 14:27:34 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The XMPP Standards Foundation has published a security notice
describing an uncontrolled resource consumption vulnerability in
several XMPP server implementations that support application-layer
compression. Details can be found at:

http://xmpp.org/resources/security-notices/uncontrolled-resource-consumption-with-highly-compressed-xmpp-stanzas/

Peter
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: GPGTools - http://gpgtools.org
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJTPsFGAAoJEOoGpJErxa2putMP/RDoXMUMszZLwg1uNMwInVo2
hmUq2BfmreWFdW6ixZcwX7RCvmqBtYyTyMHc/9W8qO36aDSZWpBKoCgsTPhfw7DV
hhV4n49zHRLcBwNzAwQbQREWo9RS9lYixj2sHHdAH6RzgW4nO3XSRFUO/m7MDa5j
Le00E3Hd/DA/ZHwa9CSI+R1YkHcmXqgiNBbq+msuk4jgj+B0rZmnRauDeQ8+/iUn
4qLN6Ck4fO/BluJhINWFXMlEcVFF8ZO+sKCZtQt/yeAT105Vx2pVUVdn6y8tlkBh
kPBDZeZN6PA5jKelEdnAtZ44qMf67VkEwTlvawCkT15uhYdVsfviG2s6Y/GTc+fv
ypK6UNsOGP5tmMtbYr61VvPYKu+2Z7Ws3U5ndxAii30Jaqv8xyI1ijVUBObEKIv1
bVdKrUDbTsIDrkGhM1UGPyFNb42iBsqfeZ//yIMo6ag8uiPNeFhMco45HFSaGTVM
hSLLKH4/bZAfUpDmnmY2OhiVs9t28hqCMlcLinnZeNJkYkytBBfYgFYX1vk6WgAS
qEa7eYjxHFGIT6J9RclC64r0Prq2Ypwtd9Zfi2RlYb/Ub2qvCdGl3HV2scioiFW6
v3oMjqdKwjXfYmJYUSaa+6hE2bwi5bdx4O8Picy5a7ranNS894S7uTw4xzERuqjH
kknYhc7UUHnCwfK/eF3u
=SoqF
-----END PGP SIGNATURE-----


More information about the Security mailing list