Advisories » MGASA-2013-0265

Updated ngircd package fixes CVE-2013-5580

Publication date: 30 Aug 2013
Modification date: 30 Aug 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-5580

Description

Updated ngircd package fixes security vulnerability:

Denial of service bug (server crash) in ngIRCd before 20.3 which could happen
when the configuration option "NoticeAuth" is enabled (which is NOT the
default) and ngIRCd failed to send the "notice auth" messages to new clients
connecting to the server (CVE-2013-5580).
                

References

• http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000645.html
• http://ngircd.barton.de/news.php.en
• https://bugs.mageia.org/show_bug.cgi?id=11082
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5580

SRPMS

3/core

• ngircd-20.3-1.mga3