openSUSE Security Update: Security update for znc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2024:0203-1 Rating: critical References: #1227393 Cross-References: CVE-2024-39844 Affected Products: openSUSE Backports SLE-15-SP6 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for znc fixes the following issues: Update to 1.9.1 (boo#1227393, CVE-2024-39844) * This is a security release to fix CVE-2024-39844: remote code execution vulnerability in modtcl. To mitigate this for existing installations, simply unload the modtcl module for every user, if it's loaded. Note that only users with admin rights can load modtcl at all. * Improve tooltips in webadmin. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP6: zypper in -t patch openSUSE-2024-203=1 Package List: - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64): znc-1.9.1-bp156.2.3.1 znc-devel-1.9.1-bp156.2.3.1 znc-perl-1.9.1-bp156.2.3.1 znc-python3-1.9.1-bp156.2.3.1 znc-tcl-1.9.1-bp156.2.3.1 - openSUSE Backports SLE-15-SP6 (noarch): znc-lang-1.9.1-bp156.2.3.1 References: https://www.suse.com/security/cve/CVE-2024-39844.html https://bugzilla.suse.com/1227393