Описание
Security update for znc
This update for znc to version 1.7.4 fixes the following issues:
Security issues fixed:
- CVE-2019-12816: Fixed a remote code execution in Modules.cpp (boo#1138572).
- CVE-2019-9917: Fixed a denial of service on invalid encoding (boo#1130360).
Список пакетов
SUSE Package Hub 15
znc-1.7.4-bp150.2.6.1
znc-devel-1.7.4-bp150.2.6.1
znc-lang-1.7.4-bp150.2.6.1
znc-perl-1.7.4-bp150.2.6.1
znc-python3-1.7.4-bp150.2.6.1
znc-tcl-1.7.4-bp150.2.6.1
openSUSE Leap 15.0
znc-1.7.4-bp150.2.6.1
znc-devel-1.7.4-bp150.2.6.1
znc-lang-1.7.4-bp150.2.6.1
znc-perl-1.7.4-bp150.2.6.1
znc-python3-1.7.4-bp150.2.6.1
znc-tcl-1.7.4-bp150.2.6.1
openSUSE Leap 15.1
znc-1.7.4-bp150.2.6.1
znc-devel-1.7.4-bp150.2.6.1
znc-lang-1.7.4-bp150.2.6.1
znc-perl-1.7.4-bp150.2.6.1
znc-python3-1.7.4-bp150.2.6.1
znc-tcl-1.7.4-bp150.2.6.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1775-1
- SUSE Security Ratings
- SUSE Bug 1130360
- SUSE Bug 1138572
- SUSE CVE CVE-2019-12816 page
- SUSE CVE CVE-2019-9917 page
Описание
Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name.
Затронутые продукты
SUSE Package Hub 15:znc-1.7.4-bp150.2.6.1
SUSE Package Hub 15:znc-devel-1.7.4-bp150.2.6.1
SUSE Package Hub 15:znc-lang-1.7.4-bp150.2.6.1
SUSE Package Hub 15:znc-perl-1.7.4-bp150.2.6.1
Ссылки
- CVE-2019-12816
- SUSE Bug 1138572
Описание
ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding.
Затронутые продукты
SUSE Package Hub 15:znc-1.7.4-bp150.2.6.1
SUSE Package Hub 15:znc-devel-1.7.4-bp150.2.6.1
SUSE Package Hub 15:znc-lang-1.7.4-bp150.2.6.1
SUSE Package Hub 15:znc-perl-1.7.4-bp150.2.6.1
Ссылки
- CVE-2019-9917
- SUSE Bug 1130360