znc-1.8.2-1.11 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11542 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z znc-1.8.2-1.11 on GA media These are all security issues fixed in the znc-1.8.2-1.11 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11542 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11542 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2018-14055/ SUSE CVE CVE-2018-14055 page https://www.suse.com/security/cve/CVE-2018-14056/ SUSE CVE CVE-2018-14056 page https://www.suse.com/security/cve/CVE-2019-12816/ SUSE CVE CVE-2019-12816 page https://www.suse.com/security/cve/CVE-2019-9917/ SUSE CVE CVE-2019-9917 page https://www.suse.com/security/cve/CVE-2020-1377/ SUSE CVE CVE-2020-1377 page openSUSE Tumbleweed znc-1.8.2-1.11 znc-devel-1.8.2-1.11 znc-lang-1.8.2-1.11 znc-perl-1.8.2-1.11 znc-python3-1.8.2-1.11 znc-tcl-1.8.2-1.11 znc-1.8.2-1.11 as a component of openSUSE Tumbleweed znc-devel-1.8.2-1.11 as a component of openSUSE Tumbleweed znc-lang-1.8.2-1.11 as a component of openSUSE Tumbleweed znc-perl-1.8.2-1.11 as a component of openSUSE Tumbleweed znc-python3-1.8.2-1.11 as a component of openSUSE Tumbleweed znc-tcl-1.8.2-1.11 as a component of openSUSE Tumbleweed ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. CVE-2018-14055 openSUSE Tumbleweed:znc-1.8.2-1.11 openSUSE Tumbleweed:znc-devel-1.8.2-1.11 openSUSE Tumbleweed:znc-lang-1.8.2-1.11 openSUSE Tumbleweed:znc-perl-1.8.2-1.11 openSUSE Tumbleweed:znc-python3-1.8.2-1.11 openSUSE Tumbleweed:znc-tcl-1.8.2-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14055.html CVE-2018-14055 https://bugzilla.suse.com/1101281 SUSE Bug 1101281 ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. CVE-2018-14056 openSUSE Tumbleweed:znc-1.8.2-1.11 openSUSE Tumbleweed:znc-devel-1.8.2-1.11 openSUSE Tumbleweed:znc-lang-1.8.2-1.11 openSUSE Tumbleweed:znc-perl-1.8.2-1.11 openSUSE Tumbleweed:znc-python3-1.8.2-1.11 openSUSE Tumbleweed:znc-tcl-1.8.2-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-14056.html CVE-2018-14056 https://bugzilla.suse.com/1101280 SUSE Bug 1101280 Modules.cpp in ZNC before 1.7.4-rc1 allows remote authenticated non-admin users to escalate privileges and execute arbitrary code by loading a module with a crafted name. CVE-2019-12816 openSUSE Tumbleweed:znc-1.8.2-1.11 openSUSE Tumbleweed:znc-devel-1.8.2-1.11 openSUSE Tumbleweed:znc-lang-1.8.2-1.11 openSUSE Tumbleweed:znc-perl-1.8.2-1.11 openSUSE Tumbleweed:znc-python3-1.8.2-1.11 openSUSE Tumbleweed:znc-tcl-1.8.2-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-12816.html CVE-2019-12816 https://bugzilla.suse.com/1138572 SUSE Bug 1138572 ZNC before 1.7.3-rc1 allows an existing remote user to cause a Denial of Service (crash) via invalid encoding. CVE-2019-9917 openSUSE Tumbleweed:znc-1.8.2-1.11 openSUSE Tumbleweed:znc-devel-1.8.2-1.11 openSUSE Tumbleweed:znc-lang-1.8.2-1.11 openSUSE Tumbleweed:znc-perl-1.8.2-1.11 openSUSE Tumbleweed:znc-python3-1.8.2-1.11 openSUSE Tumbleweed:znc-tcl-1.8.2-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-9917.html CVE-2019-9917 https://bugzilla.suse.com/1130360 SUSE Bug 1130360 An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system. A locally authenticated attacker could exploit this vulnerability by running a specially crafted application. The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory. CVE-2020-1377 openSUSE Tumbleweed:znc-1.8.2-1.11 openSUSE Tumbleweed:znc-devel-1.8.2-1.11 openSUSE Tumbleweed:znc-lang-1.8.2-1.11 openSUSE Tumbleweed:znc-perl-1.8.2-1.11 openSUSE Tumbleweed:znc-python3-1.8.2-1.11 openSUSE Tumbleweed:znc-tcl-1.8.2-1.11 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-1377.html CVE-2020-1377