Debian 9: DLA-2375-1 Moderate: InspIRCd Denial Of Service
debian lts
September 20, 2020
Two security issues were discovered in the modules of the InspIRCd IRC daemon, which could result in denial of service
Topics Covered
Summary
CVE-2019-20917
mysql module before v3.3.0 contains a null pointer dereference when
built against mariadb-connector-c. When combined with the sqlauth or
sqloper modules this vulnerability can be used to remotely crash an
InspIRCd server by any user able to connect to a server.
CVE-2020-25269
The pgsql module contains a use after free vulnerability. When combined
with the sqlauth or sqloper modules this vulnerability can be used to
remotely crash an InspIRCd server by any user able to connect to a
server.
For Debian 9 stretch, these problems have been fixed in version
2.0.23-2+deb9u1.
We recommend that you upgrade your inspircd packages.
For the detailed security status of inspircd please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/inspircd
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
PREVIOUS 
NEXT Package: inspircd
Version: 2.0.23-2+deb9u1
CVE ID: CVE-2019-20917 CVE-2020-25269
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!