Multiple vulnerabilities were reported in ZNC which can be exploited by malicious authenticated users to cause a denial of service. These flaws are due to errors when handling the "editnetwork", "editchan", "addchan", and "delchan" page requests; they can be exploited to cause a NULL pointer dereference. These flaws only affect version 1.0. These issues have been fixed in git [1]. [1] https://github.com/znc/znc/commit/2bd410ee5570cea127233f1133ea22f25174eb28
Created znc tracking bugs for this issue Affects: fedora-all [bug 968563] Affects: epel-all [bug 968566]
The CVE identifier of CVE-2013-2130 has been assigned: http://www.openwall.com/lists/oss-security/2013/05/30/3 to this issue.
znc-1.2-0.1.alpha1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
znc-1.2-0.1.alpha1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
znc-1.2-0.1.alpha1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.