Updated znc packages fix security vulnerabilities
Publication date: 12 Sep 2019Modification date: 12 Sep 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2018-14055 , CVE-2018-14056 , CVE-2019-9917 , CVE-2019-12816
Description
Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which
could result in privilege escalation or denial of service (CVE-2018-14055,
CVE-2018-14056).
Two vulnerabilities were discovered in the ZNC IRC bouncer which could
result in remote code execution (CVE-2019-12816) or denial of service via
invalid encoding (CVE-2019-9917).
References
- https://bugs.mageia.org/show_bug.cgi?id=23327
- https://www.debian.org/security/2018/dsa-4252
- https://www.debian.org/security/2019/dsa-4463
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14055
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14056
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9917
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12816
SRPMS
6/core
- znc-1.7.4-1.mga6
7/core
- znc-1.7.4-1.mga7