An out-of-range flaw was found in znc where if it received a "PING" from a client without an argument, std::string would throw a std::out_of_range exception which killed znc. This is fixed in subversion [1].

Some unsafe substr() calls were fixed as well. These are of lesser impact because a valid login is required in order to cause a std::out_of_range exception. This is also fixed in subversion [2].

[1] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2093
[2] http://znc.svn.sourceforge.net/viewvc/znc?view=revision&revision=2095
Created znc tracking bugs for this issue

Affects: fedora-all [bug 622601]
CVE-2010-2812 was assigned to the first issue (PING DoS), CVE-2010-2934 was assigned to the second issue (unsafe substr() calls).
znc-0.093-2.svn2101.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
znc-0.093-2.svn2101.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.