USN-4834-1: Prosody vulnerability

15 March 2021

Prosody could allow unintended access to network services.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • prosody - Lightweight Jabber/XMPP server

Details

It was discovered that Prosody incorrectly validated the virtual host
associated with a user session across stream restarts. A remote attacker
could use this issue to gain unintended access to resources.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04

In general, a standard system update will make all the necessary changes.

References