Security update for znc
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2015:2163-1
Final
1
1
2015-12-01T22:21:25Z
current
2015-12-01T22:21:25Z
2015-12-01T22:21:25Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for znc
Znc was updated to 1.6.2 to fix one security issue.
The following vulnerability was fixed:
* CVE-2014-9403: Remote unauthenticated users could cause denial of service via channel creation. [boo#956254]
Also contains all bug fixes in the 1.6.2 release.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2015-12/msg00004.html
E-Mail link for openSUSE-SU-2015:2163-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE Leap 42.1
znc-1.6.2-8.1
znc-devel-1.6.2-8.1
znc-perl-1.6.2-8.1
znc-python3-1.6.2-8.1
znc-tcl-1.6.2-8.1
znc-1.6.2-8.1 as a component of openSUSE Leap 42.1
znc-devel-1.6.2-8.1 as a component of openSUSE Leap 42.1
znc-perl-1.6.2-8.1 as a component of openSUSE Leap 42.1
znc-python3-1.6.2-8.1 as a component of openSUSE Leap 42.1
znc-tcl-1.6.2-8.1 as a component of openSUSE Leap 42.1
The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) by adding a channel with the same name as an existing channel but without the leading # character, related to a "use-after-delete" error.
CVE-2014-9403
openSUSE Leap 42.1:znc-1.6.2-8.1
openSUSE Leap 42.1:znc-devel-1.6.2-8.1
openSUSE Leap 42.1:znc-perl-1.6.2-8.1
openSUSE Leap 42.1:znc-python3-1.6.2-8.1
openSUSE Leap 42.1:znc-tcl-1.6.2-8.1
low
Please Install the update.
https://lists.opensuse.org/opensuse-updates/2015-12/msg00004.html
https://www.suse.com/security/cve/CVE-2014-9403.html
CVE-2014-9403
https://bugzilla.suse.com/956254
SUSE Bug 956254