Package name
ejabberd
Date
2014-01-16
Advisory ID
MDVSA-2014:005
Affected versions
MBS1 x86_64

Problem description

A vulnerability has been discovered and corrected in ejabberd:

The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2)
weak SSL ciphers, which makes it easier for remote attackers to obtain
sensitive information via a brute-force attack (CVE-2013-6169).

The updated packages have been upgraded to the 2.1.13 version which
is not vulnerable to this issue.

Updated packages

MBS1 x86_64

 070d7585fa325dfe8825d999f23977ac  mbs1/x86_64/ejabberd-2.1.13-1.mbs1.x86_64.rpm
 6648d366f18f002331338f2455c06f9c  mbs1/x86_64/ejabberd-devel-2.1.13-1.mbs1.x86_64.rpm
 c2dc7bce649f9448c569ca1ec877d056  mbs1/x86_64/ejabberd-doc-2.1.13-1.mbs1.x86_64.rpm 
 e57f278f6a50aa3884d41e6cdcb6db56  mbs1/SRPMS/ejabberd-2.1.13-1.mbs1.src.rpm

References