Package "znc"
Name: |
znc
|
Description: |
advanced modular IRC bouncer
|
Latest version: |
1.2-3ubuntu0.1 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
universe |
Homepage: |
http://znc.sourceforge.net/ |
Links
Download "znc"
Other versions of "znc" in Trusty
Packages in group
Deleted packages are displayed in grey.
Changelog
znc (1.2-3ubuntu0.1) trusty-security; urgency=medium
* SECURITY UPDATE: Privilege escalation for non-admin users (LP: #1781925)
- debian/patches/CVE-2018-14055-1.patch: Remove newlines from incoming
network configuration change directives. Based on upstream patch.
- debian/patches/CVE-2018-14055-2.patch: Remove extra newlines when
writing out configuration file. Based on upstream patch.
- CVE-2018-14055
* SECURITY UPDATE: Path traversal flaw allows access to files outside of
skins (LP: #1781925)
- debian/patches/CVE-2018-14056.patch: Replace path traversal components
in skin names to ensure path traversal is not possible. Based on
upstream patch.
- CVE-2018-14056
* SECURITY UPDATE: Denial of service (crash) from remote authenticated users
- debian/patches/CVE-2014-9403.patch: Check whether channel exists
when dealing with user specified channel name. Based on upstream
patch.
- CVE-2014-9403
-- Alex Murray <email address hidden> Tue, 07 Aug 2018 14:38:37 +0930
|
1781925 |
Vulnerabilities in znc package CVE-2018-14055 CVE-2018-14056 |
CVE-2018-14055 |
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inje |
CVE-2018-14056 |
ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. |
CVE-2014-9403 |
The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC before 1.4 allows remote authenticated users to cause a denial of service (NULL po |
|
About
-
Send Feedback to @ubuntu_updates