Fedora 10 Update: eggdrop-1.6.19-4.fc10

    Date: 28 May 2009
    Category: Fedora
    Posted By: Joe Shakespeare
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2009-5572
    2009-05-28 07:01:50
    --------------------------------------------------------------------------------
    
    Name        : eggdrop
    Product     : Fedora 10
    Version     : 1.6.19
    Release     : 4.fc10
    URL         : http://www.eggheads.org/
    Summary     : The world's most popular Open Source IRC bot
    Description :
    Eggdrop is the world's most popular Open Source IRC bot, designed
    for flexibility and ease of use. It is extendable with Tcl scripts
    and/or C modules, has support for the big five IRC networks and is
    able to form botnets, share partylines and userfiles between bots.
    
    --------------------------------------------------------------------------------
    Update Information:
    
    mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and earlier
    allows remote attackers to cause a denial of service (crash) via a crafted
    PRIVMSG that causes an empty string to trigger a negative string length copy.
    NOTE: this issue exists because of an incorrect fix for CVE-2007-2807. The
    current remote denial of service is tracked as CVE-2009-1789.
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Tue May 26 2009 Robert Scheck  1.6.19-4
    - Added upstream ctcpfix to solve CVE-2009-1789 (#502650)
    * Mon Feb 23 2009 Robert Scheck  1.6.19-3
    - Rebuild for gcc 4.4 and rpm 4.6
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #502650 - CVE-2009-1789 eggdrop DoS (crash)
            https://bugzilla.redhat.com/show_bug.cgi?id=502650
    --------------------------------------------------------------------------------
    
    This update can be installed with the "yum" update program.  Use 
    su -c 'yum update eggdrop' at the command line.
    For more information, refer to "Managing Software with yum",
    available at http://docs.fedoraproject.org/yum/.
    
    All packages are signed with the Fedora Project GPG key.  More details on the
    GPG keys used by the Fedora Project can be found at
    http://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    
    _______________________________________________
    Fedora-package-announce mailing list
    http://www.redhat.com/mailman/listinfo/fedora-package-announce
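
The bug class named in the update information above (an empty string leading to a negative string length copy), shown as an added C illustration beside a checked variant. This is not Eggdrop's servmsg.c code or the upstream ctcpfix; the function names, the buffer size and the sample inputs are assumptions constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from Eggdrop): length of `field` without its
 * last byte, computed with no emptiness check. Yields -1 for "". */
long body_len_unchecked(const char *field)
{
    return (long)strlen(field) - 1;
}

/* What a negative length turns into once it reaches a size_t parameter
 * such as the third argument of memcpy()/strncpy(). */
size_t as_copy_size(long len)
{
    return (size_t)len;
}

/* Checked variant: copies `field` minus its last byte into dst.
 * Returns the bytes copied, or -1 if field is empty or does not fit. */
long copy_body_checked(char *dst, size_t dstsz, const char *field)
{
    size_t n = strlen(field);

    if (n == 0)            /* empty input: n - 1 would wrap around */
        return -1;
    n -= 1;
    if (n >= dstsz)        /* keep room for the terminating NUL */
        return -1;
    memcpy(dst, field, n);
    dst[n] = '\0';
    return (long)n;
}

int main(void)
{
    char buf[8];
    const char *samples[] = { "PING\001", "" };   /* constructed inputs */

    for (size_t i = 0; i < 2; i++) {
        long bad = body_len_unchecked(samples[i]);
        printf("unchecked len=%ld -> copy size %zu, checked=%ld\n",
               bad, as_copy_size(bad),
               copy_body_checked(buf, sizeof buf, samples[i]));
    }
    return 0;
}
```

The unchecked length is only computed here, never passed to a copy routine, so the program is safe to run.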
    