ArchLinux: 201807-11: znc: multiple issues
Summary
- CVE-2018-14055 (privilege escalation)
ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming
from the network, allowing a non-admin user to escalate privilege,
inject rogue values into znc.conf, and gain shell access.
- CVE-2018-14056 (directory traversal)
ZNC before 1.7.1-rc1 is prone to a path traversal flaw. A non-admin
user can set web skin name to ../ to access files outside of the
intended skins directories and to cause DoS.
Resolution
Upgrade to 1.7.1-1.
# pacman -Syu "znc>=1.7.1-1"
The problems have been fixed upstream in version 1.7.1.
References
https://wiki.znc.in/ChangeLog/1.7.1 https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d https://marc.info/?l=oss-security&m=153190583604081 https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773 https://marc.info/?l=oss-security&m=153190593904101 https://security.archlinux.org/CVE-2018-14055 https://security.archlinux.org/CVE-2018-14056
Workaround
None.