openSUSE-SU-2022:10019-1

Опубликовано: 20 июн. 2022

Источник: suse-cvrf

Описание

Security update for atheme

This update for atheme fixes the following issues:

atheme was updated to release 7.2.12:

CVE-2022-24976: Fixed General authentication bypass in Atheme IRC services with InspIRCd 3 [boo#1195989]
Track SASL login EID

Список пакетов

SUSE Package Hub 15 SP4

atheme-7.2.12-bp154.2.3.1

atheme-devel-7.2.12-bp154.2.3.1

libathemecore1-7.2.12-bp154.2.3.1

openSUSE Leap 15.4

atheme-7.2.12-bp154.2.3.1

atheme-devel-7.2.12-bp154.2.3.1

libathemecore1-7.2.12-bp154.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MTX2GANIBYWOEW6H7AVAQRFPE4Y44SXK/
E-Mail link for openSUSE-SU-2022:10019-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1195989
SUSE Bug 1195989
https://www.suse.com/security/cve/CVE-2022-24976/
SUSE CVE CVE-2022-24976 page

Описание

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication bypass by ending an IRC handshake at a certain point during a challenge-response login sequence.

Затронутые продукты

SUSE Package Hub 15 SP4:atheme-7.2.12-bp154.2.3.1

SUSE Package Hub 15 SP4:atheme-devel-7.2.12-bp154.2.3.1

SUSE Package Hub 15 SP4:libathemecore1-7.2.12-bp154.2.3.1

openSUSE Leap 15.4:atheme-7.2.12-bp154.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-24976.html
CVE-2022-24976
https://bugzilla.suse.com/1195989
SUSE Bug 1195989

openSUSE-SU-2022:10019-1

Описание

Список пакетов

SUSE Package Hub 15 SP4

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-24976

Описание

Затронутые продукты

Ссылки