Security update for atheme
SUSE Patch
security@suse.de
SUSE Security Team
openSUSE-SU-2016:1312-1
Final
1
1
2016-05-17T09:26:08Z
current
2016-05-17T09:26:08Z
2016-05-17T09:26:08Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
Security update for atheme
This update for atheme fixes the following issues:
- CVE-2016-4478: Under certain circumstances, a remote attacker could cause denial of service due to a buffer overflow in the XMLRPC response encoding code (boo#978170)
- CVE-2014-9773: A remote attacker could change Atheme's behavior by registering/dropping certain accounts/nicks (boo#978170)
The version update to 7.2.6 also contains a number of upstream fixes.
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html
E-Mail link for openSUSE-SU-2016:1312-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
openSUSE Leap 42.1
atheme-7.2.6-5.1
atheme-devel-7.2.6-5.1
libathemecore1-7.2.6-5.1
atheme-7.2.6-5.1 as a component of openSUSE Leap 42.1
atheme-devel-7.2.6-5.1 as a component of openSUSE Leap 42.1
libathemecore1-7.2.6-5.1 as a component of openSUSE Leap 42.1
modules/chanserv/flags.c in Atheme before 7.2.7 allows remote attackers to modify the Anope FLAGS behavior by registering and dropping the (1) LIST, (2) CLEAR, or (3) MODIFY keyword nicks.
CVE-2014-9773
openSUSE Leap 42.1:atheme-7.2.6-5.1
openSUSE Leap 42.1:atheme-devel-7.2.6-5.1
openSUSE Leap 42.1:libathemecore1-7.2.6-5.1
moderate
Please install the update.
https://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html
https://www.suse.com/security/cve/CVE-2014-9773.html
CVE-2014-9773
https://bugzilla.suse.com/978170
SUSE Bug 978170
Buffer overflow in the xmlrpc_char_encode function in modules/transport/xmlrpc/xmlrpclib.c in Atheme before 7.2.7 allows remote attackers to cause a denial of service via vectors related to XMLRPC response encoding.
CVE-2016-4478
openSUSE Leap 42.1:atheme-7.2.6-5.1
openSUSE Leap 42.1:atheme-devel-7.2.6-5.1
openSUSE Leap 42.1:libathemecore1-7.2.6-5.1
moderate
Please install the update.
https://lists.opensuse.org/opensuse-updates/2016-05/msg00061.html
https://www.suse.com/security/cve/CVE-2016-4478.html
CVE-2016-4478
https://bugzilla.suse.com/978170
SUSE Bug 978170