Security
Headlines
HeadlinesLatestCVEs

Headline

Ubuntu Security Notice USN-6990-1

Ubuntu Security Notice 6990-1 - Johannes Kuhn discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user’s system if the user was tricked into joining a malicious server.

Packet Storm
#vulnerability#ubuntu#perl

==========================================================================
Ubuntu Security Notice USN-6990-1
September 04, 2024

znc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

  • Ubuntu 24.04 LTS
  • Ubuntu 22.04 LTS
  • Ubuntu 20.04 LTS
  • Ubuntu 18.04 LTS
  • Ubuntu 16.04 LTS
  • Ubuntu 14.04 LTS

Summary:

znc could be made to execute arbitrary code on a user’s system if
they were persuaded to join a malicious server.

Software Description:

  • znc: advanced modular IRC bouncer

Details:

Johannes Kuhn (DasBrain) discovered that znc incorrectly handled
user input under certain operations. An attacker could possibly
use this issue to execute arbitrary code on a user’s system if
the user was tricked into joining a malicious server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
znc 1.9.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
znc-dev 1.9.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
znc-perl 1.9.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
znc-python 1.9.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
znc-tcl 1.9.0-2ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 22.04 LTS
znc 1.8.2-2ubuntu0.1
znc-dev 1.8.2-2ubuntu0.1
znc-perl 1.8.2-2ubuntu0.1
znc-python 1.8.2-2ubuntu0.1
znc-tcl 1.8.2-2ubuntu0.1

Ubuntu 20.04 LTS
znc 1.7.5-4ubuntu0.1~esm2
Available with Ubuntu Pro
znc-dev 1.7.5-4ubuntu0.1~esm2
Available with Ubuntu Pro
znc-perl 1.7.5-4ubuntu0.1~esm2
Available with Ubuntu Pro
znc-python 1.7.5-4ubuntu0.1~esm2
Available with Ubuntu Pro
znc-tcl 1.7.5-4ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
znc 1.6.6-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-dev 1.6.6-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-perl 1.6.6-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-python 1.6.6-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-tcl 1.6.6-1ubuntu0.2+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
znc 1.6.3-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-dev 1.6.3-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-perl 1.6.3-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-python 1.6.3-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-tcl 1.6.3-1ubuntu0.2+esm2
Available with Ubuntu Pro

Ubuntu 14.04 LTS
znc 1.2-3ubuntu0.1+esm3
Available with Ubuntu Pro
znc-dev 1.2-3ubuntu0.1+esm3
Available with Ubuntu Pro
znc-perl 1.2-3ubuntu0.1+esm3
Available with Ubuntu Pro
znc-python 1.2-3ubuntu0.1+esm3
Available with Ubuntu Pro
znc-tcl 1.2-3ubuntu0.1+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6990-1
https://ubuntu.com/security/notices/USN-6990-1
CVE-2024-39844

Package Information:
https://launchpad.net/ubuntu/+source/znc/1.8.2-2ubuntu0.1
https://launchpad.net/ubuntu/+source/znc/1.8.2-2ubuntu0.1

Related news

Gentoo Linux Security Advisory 202409-23

Gentoo Linux Security Advisory 202409-23 - A vulnerability has been found in ZNC which could result in remote code execution. Versions greater than or equal to 1.9.1 are affected.

Debian Security Advisory 5725-1

Debian Linux Security Advisory 5725-1 - Johannes Kuhn discovered that messages and channel names are not properly escaped in the modtcl module in ZNC, a IRC bouncer, which could result in remote code execution via specially crafted messages.

Packet Storm: Latest News

CUPS IPP Attributes LAN Remote Code Execution