Description
Security update for atheme
This update for atheme fixes the following issues:
- CVE-2016-4478: Under certain circumstances, a remote attacker could cause denial of service due to a buffer overflow in the XMLRPC response encoding code (boo#978170)
- CVE-2014-9773: A remote attacker could change Atheme's behavior by registering/dropping certain accounts/nicks (boo#978170)
The version update to 7.2.6 also contains a number of upstream fixes.
Package list
openSUSE Leap 42.1
atheme-7.2.6-5.1
atheme-devel-7.2.6-5.1
libathemecore1-7.2.6-5.1
References
- E-Mail link for openSUSE-SU-2016:1312-1
- SUSE Security Ratings
Description
modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.
Affected products
openSUSE Leap 42.1:atheme-7.2.6-5.1
openSUSE Leap 42.1:atheme-devel-7.2.6-5.1
openSUSE Leap 42.1:libathemecore1-7.2.6-5.1
References
- CVE-2014-9773
- SUSE Bug 978170
Description
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
Affected products
openSUSE Leap 42.1:atheme-7.2.6-5.1
openSUSE Leap 42.1:atheme-devel-7.2.6-5.1
openSUSE Leap 42.1:libathemecore1-7.2.6-5.1
References
- CVE-2016-4478
- SUSE Bug 978170