- -------------------------------------------------------------------------
Debian Security Advisory DSA-5725-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
July 03, 2024                         https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : znc
CVE ID         : CVE-2024-39844
Debian Bug     : 1075729

Johannes Kuhn discovered that messages and channel names are not
properly escaped in the modtcl module in ZNC, a IRC bouncer, which could
result in remote code execution via specially crafted messages.

For the oldstable distribution (bullseye), this problem has been fixed
in version 1.8.2-2+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 1.8.2-3.1+deb12u1.

We recommend that you upgrade your znc packages.

For the detailed security status of znc please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/znc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

Debian: DSA-5725-1: znc Security Advisory Updates

July 3, 2024
Johannes Kuhn discovered that messages and channel names are not properly escaped in the modtcl module in ZNC, a IRC bouncer, which could result in remote code execution via specia...

Summary

For the oldstable distribution (bullseye), this problem has been fixed
in version 1.8.2-2+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 1.8.2-3.1+deb12u1.

We recommend that you upgrade your znc packages.

For the detailed security status of znc please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/znc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
Package : znc
CVE ID : CVE-2024-39844

Related News

34.Key AbstractDigital Esm H170
2 - 4 min read
Security threats continue developing rapidly, with attackers finding new vulnerabilities daily. Recent findings from researchers at Uptycs indicate
32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
1.Penguin Landscape Esm H170
2 - 3 min read
On Independence Day, there is a deep recognition of digital autonomy amidst the colorful fireworks displays and patriotic revelry. At LinuxSecurity,
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
11.Locks IsometricPattern Esm H170
2 - 4 min read
Linux Mint is a user-friendly GNU/Linux desktop distribution built upon Ubuntu and Debian for maximum reliability while offering an aesthetically
32.Lock Code Circular Esm H170
2 - 4 min read
In an era where cybersecurity threats loom larger than ever, the discovery of a Remote Code Execution (RCE) vulnerability in OpenSSH by Qualys’
27.Tablet Connections Blocks Lock Esm H170
2 - 4 min read
Debian recently unveiled a significant update to its stable distribution, Debian 12.6 (codename "bookworm"). While not an entirely new release, this
8.Locks HexConnections CodeGlobe Esm H170
2 - 4 min read
Canonical has made headlines with its groundbreaking long-term support (LTS) service offering to extend far beyond Ubuntu deb packages, promising 12

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved