All errata/sisyphus/ALT-PU-2016-1317-1
ALT-PU-2016-1317-1

Package update ejabberd in branch sisyphus

Version2.1.13-alt1
Task#162417
Published2016-04-11
Max severityMEDIUM
Severity:

Closed issues (2)

CVE-2013-6169
MEDIUM4.3

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.

Published: 2013-10-17Modified: 2026-04-29
CVSS 2.0MEDIUM 4.3
CVSS:2.0/AV:N/AC:M/Au:N/C:N/I:N/A:P
References
CVE-2014-8760
MEDIUM5.0

ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.

Published: 2014-10-25Modified: 2025-04-12
CVSS 2.0MEDIUM 5.0
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:N/A:N
References