openSUSE-SU-2015:2164-1

Опубликовано: 01 дек. 2015

Источник: suse-cvrf

Описание

Security update for znc

Znc was updated to 1.6.2 to fix one security issue.

The following vulnerability was fixed:

CVE-2014-9403: Remote unauthenticated users could cause denial of service via channel creation. [boo#956254]

Also contains all bug fixes in the 1.6.2 release.

Список пакетов

openSUSE Leap 42.1

znc-1.6.2-8.1

znc-devel-1.6.2-8.1

znc-perl-1.6.2-8.1

znc-python3-1.6.2-8.1

znc-tcl-1.6.2-8.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2015-12/msg00005.html
E-Mail link for openSUSE-SU-2015:2164-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.

Затронутые продукты

openSUSE Leap 42.1:znc-1.6.2-8.1

openSUSE Leap 42.1:znc-devel-1.6.2-8.1

openSUSE Leap 42.1:znc-perl-1.6.2-8.1

openSUSE Leap 42.1:znc-python3-1.6.2-8.1

Ссылки

https://www.suse.com/security/cve/CVE-2014-9403.html
CVE-2014-9403
https://bugzilla.suse.com/956254
SUSE Bug 956254

openSUSE-SU-2015:2164-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2014-9403

Описание

Затронутые продукты

Ссылки