Ubuntu Security Notice USN-6990-1
2024-9-5 23:1:7 Author: packetstormsecurity.com(查看原文) 阅读量:7 收藏

==========================================================================
Ubuntu Security Notice USN-6990-1
September 04, 2024

znc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

znc could be made to execute arbitrary code on a user's system if
they were persuaded to join a malicious server.

Software Description:
- znc: advanced modular IRC bouncer

Details:

Johannes Kuhn (DasBrain) discovered that znc incorrectly handled
user input under certain operations. An attacker could possibly
use this issue to execute arbitrary code on a user's system if
the user was tricked into joining a malicious server.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
znc 1.9.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
znc-dev 1.9.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
znc-perl 1.9.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
znc-python 1.9.0-2ubuntu0.1~esm2
Available with Ubuntu Pro
znc-tcl 1.9.0-2ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 22.04 LTS
znc 1.8.2-2ubuntu0.1
znc-dev 1.8.2-2ubuntu0.1
znc-perl 1.8.2-2ubuntu0.1
znc-python 1.8.2-2ubuntu0.1
znc-tcl 1.8.2-2ubuntu0.1

Ubuntu 20.04 LTS
znc 1.7.5-4ubuntu0.1~esm2
Available with Ubuntu Pro
znc-dev 1.7.5-4ubuntu0.1~esm2
Available with Ubuntu Pro
znc-perl 1.7.5-4ubuntu0.1~esm2
Available with Ubuntu Pro
znc-python 1.7.5-4ubuntu0.1~esm2
Available with Ubuntu Pro
znc-tcl 1.7.5-4ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 18.04 LTS
znc 1.6.6-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-dev 1.6.6-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-perl 1.6.6-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-python 1.6.6-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-tcl 1.6.6-1ubuntu0.2+esm2
Available with Ubuntu Pro

Ubuntu 16.04 LTS
znc 1.6.3-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-dev 1.6.3-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-perl 1.6.3-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-python 1.6.3-1ubuntu0.2+esm2
Available with Ubuntu Pro
znc-tcl 1.6.3-1ubuntu0.2+esm2
Available with Ubuntu Pro

Ubuntu 14.04 LTS
znc 1.2-3ubuntu0.1+esm3
Available with Ubuntu Pro
znc-dev 1.2-3ubuntu0.1+esm3
Available with Ubuntu Pro
znc-perl 1.2-3ubuntu0.1+esm3
Available with Ubuntu Pro
znc-python 1.2-3ubuntu0.1+esm3
Available with Ubuntu Pro
znc-tcl 1.2-3ubuntu0.1+esm3
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6990-1
<https://ubuntu.com/security/notices/USN-6990-1>
CVE-2024-39844

Package Information:
https://launchpad.net/ubuntu/+source/znc/1.8.2-2ubuntu0.1
<https://launchpad.net/ubuntu/+source/znc/1.8.2-2ubuntu0.1>


文章来源: https://packetstormsecurity.com/files/181352/USN-6990-1.txt
如有侵权请联系:admin#unsafe.sh