Bug 513152
Summary: | ZNC: Users data directory traversal flaw via Direct Client Connection message | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NEXTRELEASE | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | nb, reed |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://en.znc.in/wiki/ChangeLog/0.072 | ||
Fixed In Version: | Doc Type: | Bug Fix | |
Last Closed: | 2009-07-23 23:07:19 UTC | Type: | --- |
Description
Jan Lieskovsky
2009-07-22 09:22:35 UTC
CVE identifier for this vulnerability has been requested here:

http://www.openwall.com/lists/oss-security/2009/07/21/5

Note: Please ensure to mention particular CVE identifier in the ZNC's rpm Changelog, when scheduling Fedora updates.

This issue affects the versions of the ZNC package, as shipped with Fedora releases of 10, 11, and 12. Please fix.

znc-0.072-1.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/znc-0.072-1.fc11

znc-0.072-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/znc-0.072-1.fc10

znc-0.072-1.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/znc-0.072-1.el5

znc-0.072-2.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/znc-0.072-2.el5

znc-0.072-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/znc-0.072-2.fc10

znc-0.072-2.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/znc-0.072-2.fc11

znc-0.072-3.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/znc-0.072-3.fc11

znc-0.072-3.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/znc-0.072-3.fc10

znc-0.072-3.el5 has been submitted as an update for Fedora EPEL 5.
http://admin.fedoraproject.org/updates/znc-0.072-3.el5

znc-0.072-3.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.

znc-0.072-3.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.

By ICQ, you mean IRC, right? Two completely different protocols. ;)

znc-0.072-3.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.

Thanks for the catch Reed, fixed.

Updated to 0.072-3, which is 0.072 of ZNC plus a patch to fix the webadmin skins issue which was introduced in 0.072.

The updates to rawhide and F-10, F-11, and EL-5 have been pushed to stable. -> CLOSED ERRATA (I think that's the appropriate resolution)

Apparently I was supposed to put CLOSED NEXTRELEASE

(In reply to comment #1)
> CVE identifier for this vulnerability has been requested here:
>
> http://www.openwall.com/lists/oss-security/2009/07/21/5
>
> Note: Please ensure to mention particular CVE identifier in the ZNC's
> rpm Changelog, when scheduling Fedora updates.

This finally got assigned CVE-2009-2658.