| - |
- CVE-2021-32917 can be mitigated by configuring 'proxy65_acl' to a list of XMPP domains that should be allowed to use the file transfer proxy. |
| + |
- CVE-2021-32917 can be mitigated by configuring 'proxy65_acl' to a |
| + |
list of XMPP domains that should be allowed to use the file transfer |
| + |
proxy. |
| |
|
| - |
- CVE-2021-32918 can be partly mitigated using stricter settings for stanza size limits, rate limits and garbage collection parameters, see the referenced upstream advisory for more details. |
| + |
- CVE-2021-32918 can be partly mitigated using stricter settings for |
| + |
stanza size limits, rate limits and garbage collection parameters, see |
| + |
the referenced upstream advisory for more details. |
| |
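Review bot: In the CVE-2021-32918 item, "garbage collection parameters, see the referenced upstream advisory" is a comma splice that the re-wrap carries over unchanged. Since these lines are being touched anyway, split it into two sentences ("... garbage collection parameters. See the referenced upstream advisory for more details.") so the pointer to the advisory is not lost at the end of a long clause.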
|
| - |
- CVE-2021-32919 can be mitigated by removing or disabling the ‘dialback_without_dialback’ option. |
| + |
- CVE-2021-32919 can be mitigated by removing or disabling the |
| + |
‘dialback_without_dialback’ option. |
| |
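Review bot: The option name in the CVE-2021-32919 item is wrapped in typographic quotes (‘dialback_without_dialback’), while the CVE-2021-32917 item uses straight quotes ('proxy65_acl'). An admin searching a config file for a string copied from this advisory should not pick up a curly quote, so use straight quotes here as well.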
|
| - |
- CVE-2021-32920 can be mitigated by setting the following ssl option (or add to your existing one if you have one): |
| + |
- CVE-2021-32920 can be mitigated by setting the following ssl option |
| + |
(or add to your existing one if you have one): |
| |
|
| |
ssl = { |
| |
options = { |
| |
no_renegotiation = true; |
| |
} |
| |
} |
| |
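Review bot: The parenthetical in the CVE-2021-32920 item, "(or add to your existing one if you have one)", has no object and does not say what the "existing one" is. Something like "(or by adding it to your existing ssl options block)" would make it clear that no_renegotiation = true must be merged into the options table already present in the config, not placed in a second ssl block.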
|
| - |
- CVE-2021-32921 can partly be mitigated by enabling and configuring rate limits through mod_limits in order to lengthen the amount of time required to successfully complete a timing attack. |
| + |
- CVE-2021-32921 can partly be mitigated by enabling and configuring |
| + |
rate limits through mod_limits in order to lengthen the amount of time |
| + |
required to successfully complete a timing attack. |
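Review bot: The CVE-2021-32921 item reads "can partly be mitigated", while the CVE-2021-32918 item reads "can be partly mitigated"; pick one word order for both. mod_limits is also the only module or option name in this list left unquoted, so quote it the same way as 'proxy65_acl' for consistency.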