[jdev] Fwd: [Security] billion laughs attack

Evgeniy Khramtsov xramtsov at gmail.com
Thu Jun 2 05:09:07 UTC 2011


02.06.2011 03:59, Peter Saint-Andre wrote:
> FYI.
>
> -------- Original Message --------
> Subject: [Security] billion laughs attack
> Date: Wed, 01 Jun 2011 11:58:13 -0600
> From: Peter Saint-Andre<stpeter at stpeter.im>
> Reply-To: XMPP Security<security at xmpp.org>
> To: XMPP Security<security at xmpp.org>
>
> Over the last few days, the Debian security team has announced fixes to
> several XMPP server daemons to address the so-called "billion laughs"
> attack:
>
> http://lists.debian.org/debian-security-announce/2011/msg00118.html
> http://lists.debian.org/debian-security-announce/2011/msg00119.html
> http://lists.debian.org/debian-security-announce/2011/msg00120.html
>
> This attack is not limited to those server daemons, and in fact applies
> more generally to any XML-based applications. Other XMPP software
> projects (servers, clients, and libraries) might also be vulnerable, and
> developers are encouraged to review their code.
>
> Background information can be found at the following web pages:
>
> http://www.ibm.com/developerworks/xml/library/x-tipcfsx/index.html
>
> http://msdn.microsoft.com/en-us/magazine/ee335713.aspx
>
> Peter
>    

I think this should be forwarded to the operators list as well.

-- 
Regards,
Evgeniy Khramtsov, ProcessOne.
xmpp:xram at jabber.ru.
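
Added example, not part of the original messages or of any project named in them: one way to act on the advisory's request to review code is to make the XML parser refuse any DOCTYPE or entity declaration, since the "billion laughs" input relies on nested entity definitions in the internal DTD subset. It uses Python's xml.parsers.expat; the function name, exception class and both sample documents are constructed for illustration.

```python
import xml.parsers.expat


class DTDForbidden(ValueError):
    """Raised when a document carries a DOCTYPE or entity declaration."""


def parse_without_dtd(data):
    """Parse XML bytes and return element names in document order.

    Any DOCTYPE or entity declaration aborts the parse, so nested
    entity definitions are rejected before anything is expanded.
    """
    names = []
    parser = xml.parsers.expat.ParserCreate()

    def on_doctype(name, system_id, public_id, has_internal_subset):
        raise DTDForbidden("DOCTYPE %r not allowed" % name)

    def on_entity_decl(name, is_param, value, base, system_id,
                       public_id, notation):
        raise DTDForbidden("entity declaration %r not allowed" % name)

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.StartElementHandler = lambda name, attrs: names.append(name)
    parser.Parse(data, True)  # exceptions raised in handlers propagate
    return names


# Constructed sample inputs: an ordinary stanza, and a small document
# whose entity "b" is defined in terms of entity "a".
PLAIN = b"<message to='a@example.org'><body>hi</body></message>"
NESTED = (
    b"<!DOCTYPE message ["
    b"<!ENTITY a 'ha'>"
    b"<!ENTITY b '&a;&a;'>"
    b"]><message><body>&b;</body></message>"
)

if __name__ == "__main__":
    print(parse_without_dtd(PLAIN))
    try:
        parse_without_dtd(NESTED)
    except DTDForbidden as exc:
        print("rejected:", exc)
```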
