Fedora 35: unrealircd 2022-f6d46280da | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2022-f6d46280da
2022-04-10 19:51:46.980677
--------------------------------------------------------------------------------

Name        : unrealircd
Product     : Fedora 35
Version     : 6.0.3
Release     : 1.fc35
URL         : https://www.unrealircd.org/
Summary     : Open Source IRC server
Description :
UnrealIRCd is an Open Source IRC server based on the branch of IRCu called
Dreamforge, formerly used by the DALnet IRC network. Since the beginning of
development on UnrealIRCd in May of 1999, it has become a highly advanced
IRCd with a strong focus on modularity, an advanced and highly configurable
configuration file. Key features include SSL/TLS, cloaking, advanced anti-
flood and anti-spam systems, swear filtering and module support.

--------------------------------------------------------------------------------
Update Information:

# UnrealIRCd 6.0.3  A number of serious issues were discovered in UnrealIRCd 6.
Among these is an issue which will likely crash the IRCd sooner or later if you
`/REHASH` with any active clients connected.  ## Fixes    * Crash in `WATCH` if
the IRCd has been rehashed at least once. After doing a `REHASH` with active
clients it will likely corrupt memory. It may take several days until after the
rehash for the crash to occur, or even weeks/months on smaller networks
(accidental triggering, that is).   * A `REHASH` with certain remote includes
setups could cause a crash or other weird and confusing problems such as
complaining about unable to open an ipv6-database or missing snomask
configuration. This only affected some people with remote includes, not all.   *
Potential out-of-bounds write in sending code. In practice it seems harmless on
most servers but this cannot be 100% guaranteed.   * Unlikely triggered log
message would log uninitialized stack data to the log file or send it to ircops.
* Channel ops could not remove halfops from a user (`-h`).   * After using the
`RESTART` command (not recommended) the new IRCd was often no longer writing to
log files.   * Fix compile problem if you choose to use cURL remote includes but
don't have cURL on the system and ask UnrealIRCd to compile cURL.  ##
Enhancements    * The default text log format on disk changed. It now includes
the server name where the event was generated. Without this, it was sometimes
difficult to trace problems, since previously it sometimes looked like there was
a problem on your server when it was actually another server on the network.
* Old log format: `[DATE TIME] subsystem.EVENT_ID loglevel: ........`     * New
log format: `[DATE TIME] servername subsystem.EVENT_ID loglevel: ........`  ##
Changes    * Any MOTD lines added by services via
[`SVSMOTD`](https://www.unrealircd.org/docs/MOTD_and_Rules#SVSMOTD) are now
shown at the end of the MOTD-on-connect (unless using a shortmotd). Previously
the lines were only shown if you manually ran the MOTD command.   ## Protocol
* `LIST C 6.0.3-1
- Upgrade to 6.0.3 (#2071197)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2071197 - unrealircd-6.0.3 is available
        https://bugzilla.redhat.com/show_bug.cgi?id=2071197
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2022-f6d46280da' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

Fedora 35: unrealircd 2022-f6d46280da

April 10, 2022
# UnrealIRCd 6.0.3 A number of serious issues were discovered in UnrealIRCd 6

Summary

UnrealIRCd is an Open Source IRC server based on the branch of IRCu called

Dreamforge, formerly used by the DALnet IRC network. Since the beginning of

development on UnrealIRCd in May of 1999, it has become a highly advanced

IRCd with a strong focus on modularity, an advanced and highly configurable

configuration file. Key features include SSL/TLS, cloaking, advanced anti-

flood and anti-spam systems, swear filtering and module support.

Update Information:

# UnrealIRCd 6.0.3 A number of serious issues were discovered in UnrealIRCd 6. Among these is an issue which will likely crash the IRCd sooner or later if you `/REHASH` with any active clients connected. ## Fixes * Crash in `WATCH` if the IRCd has been rehashed at least once. After doing a `REHASH` with active clients it will likely corrupt memory. It may take several days until after the rehash for the crash to occur, or even weeks/months on smaller networks (accidental triggering, that is). * A `REHASH` with certain remote includes setups could cause a crash or other weird and confusing problems such as complaining about unable to open an ipv6-database or missing snomask configuration. This only affected some people with remote includes, not all. * Potential out-of-bounds write in sending code. In practice it seems harmless on most servers but this cannot be 100% guaranteed. * Unlikely triggered log message would log uninitialized stack data to the log file or send it to ircops. * Channel ops could not remove halfops from a user (`-h`). * After using the `RESTART` command (not recommended) the new IRCd was often no longer writing to log files. * Fix compile problem if you choose to use cURL remote includes but don't have cURL on the system and ask UnrealIRCd to compile cURL. ## Enhancements * The default text log format on disk changed. It now includes the server name where the event was generated. Without this, it was sometimes difficult to trace problems, since previously it sometimes looked like there was a problem on your server when it was actually another server on the network. * Old log format: `[DATE TIME] subsystem.EVENT_ID loglevel: ........` * New log format: `[DATE TIME] servername subsystem.EVENT_ID loglevel: ........` ## Changes * Any MOTD lines added by services via [`SVSMOTD`](https://www.unrealircd.org/docs/MOTD_and_Rules#SVSMOTD) are now shown at the end of the MOTD-on-connect (unless using a shortmotd). Previously the lines were only shown if you manually ran the MOTD command. ## Protocol * `LIST C

Change Log

* Sat Apr 2 2022 Robert Scheck 6.0.3-1 - Upgrade to 6.0.3 (#2071197)

References

[ 1 ] Bug #2071197 - unrealircd-6.0.3 is available https://bugzilla.redhat.com/show_bug.cgi?id=2071197

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-f6d46280da' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : unrealircd
Product : Fedora 35
Version : 6.0.3
Release : 1.fc35
URL : https://www.unrealircd.org/
Summary : Open Source IRC server

Related News

Hackers Deploy Open-Source Tool Sliver C2, Replacing Cobalt Strike, Metasploit

The 10 Best Free Linux Firewall Tools

OpenSSL Dodges a Security Bullet

Linux 6.1 Continues Improving The RNG & Crypto Code

News

Advisories

HOWTOs

Features

Best Linux Backup Solutions to Prevent Data Loss in A Ransomware Attack
ManageEngine Vulnerability Manager Plus: How To Protect Your Enterprise from Security Vulnerabilities
High-Impact DoS, Arbitrary Code Execution, Spoofing Bugs Fixed in Thunderbird 102.9.0
A Guide to Business Cybersecurity: Common Digital Attacks and Precautions
New Linux IceFire Ransomware Variant Discovered: What You Need to Know to Secure Your Systems

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy