It was reported [1] that ircd-hybrid suffers from a denial of service condition due to improper validation of input when parsing masks. Because try_parse_v4_netmask() (in src/hostmask.c) uses strtoul to parse masks, and does not properly validate input, it can segfault on certain input. This could allow a remote attacker to crash the ircd server. This has been fixed upstream in version 8.0.6 [2]. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699267 [2] http://svn.ircd-hybrid.org:8000/viewcvs.cgi/ircd-hybrid/trunk/src/hostmask.c?r1=1786&r2=1785&pathrev=1786
Created ircd-hybrid tracking bugs for this issue Affects: epel-all [bug 905653]
According to http://dl.fedoraproject.org/pub/epel/6/SRPMS/Packages/i/ this package is not shipped in EPEL6. Given it was filed against EPEL5 at that time, closing this.