Описание
Security update for atheme
This update for atheme fixes the following issues:
atheme was updated to release 7.2.12:
- CVE-2022-24976: Fixed General authentication bypass in Atheme IRC services with InspIRCd 3 [boo#1195989]
- Track SASL login EID
Update to release 7.2.11
- Add a preliminary Turkish translation
- Add HMAC-MD5 verify-only support to crypto/pbkdf2v2
- modules/chanserv/akick: fix unload crash with akicks that have timeouts
- modules/nickserv/multimark: use IRC case canonicalisation for restored nicks
- modules/nickserv/multimark: forbid unloading due to the potential for data loss
- CA_ constants: include CA_EXEMPT (+e) where appropriate
Update to new upstream release 7.2.10.r2
- Fix potential NULL dereference in modules/crypto/posix.
- Bump E-Mail address maximum length to 254 characters.
- Use flags setter information in modules/chanserv/access & modules/chanserv/flags.
- Fix issue where modules/misc/httpd was not closing its listening socket on deinit.
- Fix GroupServ data loss issue when a group was the founder of another group.
Список пакетов
SUSE Package Hub 15 SP3
atheme-7.2.12-bp153.2.3.1
atheme-devel-7.2.12-bp153.2.3.1
libathemecore1-7.2.12-bp153.2.3.1
openSUSE Leap 15.3
atheme-7.2.12-bp153.2.3.1
atheme-devel-7.2.12-bp153.2.3.1
libathemecore1-7.2.12-bp153.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2022:10018-1
- SUSE Security Ratings
- SUSE Bug 1174075
- SUSE Bug 1195989
- SUSE CVE CVE-2022-24976 page
Описание
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.
Затронутые продукты
SUSE Package Hub 15 SP3:atheme-7.2.12-bp153.2.3.1
SUSE Package Hub 15 SP3:atheme-devel-7.2.12-bp153.2.3.1
SUSE Package Hub 15 SP3:libathemecore1-7.2.12-bp153.2.3.1
openSUSE Leap 15.3:atheme-7.2.12-bp153.2.3.1
Ссылки
- CVE-2022-24976
- SUSE Bug 1195989