Headline
Debian Security Advisory 5725-1
Debian Linux Security Advisory 5725-1 - Johannes Kuhn discovered that messages and channel names are not properly escaped in the modtcl module in ZNC, a IRC bouncer, which could result in remote code execution via specially crafted messages.
-----BEGIN PGP SIGNED MESSAGE-----Hash: SHA512- -------------------------------------------------------------------------Debian Security Advisory DSA-5725-1 [email protected]://www.debian.org/security/ Salvatore BonaccorsoJuly 03, 2024 https://www.debian.org/security/faq- -------------------------------------------------------------------------Package : zncCVE ID : CVE-2024-39844Debian Bug : 1075729Johannes Kuhn discovered that messages and channel names are notproperly escaped in the modtcl module in ZNC, a IRC bouncer, which couldresult in remote code execution via specially crafted messages.For the oldstable distribution (bullseye), this problem has been fixedin version 1.8.2-2+deb11u1.For the stable distribution (bookworm), this problem has been fixed inversion 1.8.2-3.1+deb12u1.We recommend that you upgrade your znc packages.For the detailed security status of znc please refer to its securitytracker page at:https://security-tracker.debian.org/tracker/zncFurther information about Debian Security Advisories, how to applythese updates to your system and frequently asked questions can befound at: https://www.debian.org/security/Mailing list: [email protected] PGP SIGNATURE-----iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmaFtdJfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xNDz0SD/w/9GnF+OQrjFxg2waLPlyE25kUbjXQUN1XkSyJO44eVlpLl8C2QJHx1w6f++9WENFPxksEE5XcXi/tbdNw5haqvkWv8AvnQ8w0YAQzT9/p5US9Osm5WEky2XPhjinvpQCSm19rUEKYhaU0PlTf3xIoxtI3SifTF0dQNv9WKRP2kBbSKnUYPITpXSz87qgfqHZB/EW8IOBQ6hOn4DPGwtLGad3nqdPUij1PO5YRh2I/CjU9etj0JJtFSHowgg5d5P6vdmbCSQ02OB8NGD/qeJtgou62GPRnRkYacXZSD/x+znwfoRdJZhp/VbhRaPzGLWIwt6g0TX/VJ+NiK5mQ9JkAo78dVJUWpOmjtlRzisGD6OwZtEtuEul60E3d5YS++IPkVZvy1yEZuChWwGtWwJA9u4kU3Yss4qbayQzXKS9tN1ZZnHIGaWE2zDekXhVf9/xpU6WPOeqVfiqeR0OoVnbVuh5zlZXqFupa5dCaXlyJDyXDAVDfuK4WwZK1dODwBkYsjY4sxPfzFQ0ANTLorhqEpVrE8okpiVmkISG+sdqNXRbmQN8TN9D7P34/NS13+arq3/fTQTZFPKMgT37mKXs15XjTPpTlgTOwkoZWR36klZDvY7mbtyqjdifBxE9LstG9iXAXnwTum0s+NnEovBAOq9gkgu7Ahw45RIqmf0BRHF/w==zbCH-----END PGP SIGNATURE-----
Related news
Gentoo Linux Security Advisory 202409-23
Gentoo Linux Security Advisory 202409-23 - A vulnerability has been found in ZNC which could result in remote code execution. Versions greater than or equal to 1.9.1 are affected.
Ubuntu Security Notice USN-6990-1
Ubuntu Security Notice 6990-1 - Johannes Kuhn discovered that znc incorrectly handled user input under certain operations. An attacker could possibly use this issue to execute arbitrary code on a user's system if the user was tricked into joining a malicious server.