Mailinglist Archive: opensuse-bugs (3349 mails)

[Bug 978170] VUL-0: CVE-2016-4478: atheme: security fixes
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Tue, 03 May 2016 08:13:07 +0000
  • Message-id: <bug-978170-21960-eAhR94bbb4@http.bugzilla.suse.com/>
http://bugzilla.suse.com/show_bug.cgi?id=978170
http://bugzilla.suse.com/show_bug.cgi?id=978170#c2

--- Comment #2 from Sebastian Krahmer <krahmer@xxxxxxxx> ---
Multiple security issues were found in Atheme, an IRC services package.

Fix:
https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b
Description: A remote attacker could change Atheme's behavior by
registering/dropping certain accounts/nicks.
Reference: https://github.com/atheme/atheme/issues/397

Use CVE-2014-9773. We don't completely understand issues/397. We think
"This is rejected for Atheme, please consider reporting it to a
downstream fork instead" means that the vulnerability report was
originally rejected, but that decision was reconsidered many months
later.


Fix:
https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e
Description: Under certain circumstances, a remote attacker could cause
denial of service due to a buffer overflow in the XMLRPC response
encoding code.

Use CVE-2016-4478.

--
You are receiving this mail because:
You are on the CC list for the bug.