openSUSE: 2024:0203-1 Critical: znc Remote Code Execution Advisory
opensuse
August 23, 2024
An update that fixes one vulnerability is now available
Description
This update for znc fixes the following issues:
Update to 1.9.1 (boo#1227393, CVE-2024-39844)
* This is a security release to fix CVE-2024-39844: remote code
execution vulnerability in modtcl. To mitigate this for existing
installations, simply unload the modtcl module for every user, if it's
loaded. Note that only users with admin rights can load modtcl at all.
* Improve tooltips in webadmin.
Topics Covered
Patch
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP6:
zypper in -t patch openSUSE-2024-203=1
Package List
- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):
znc-1.9.1-bp156.2.3.1
znc-devel-1.9.1-bp156.2.3.1
znc-perl-1.9.1-bp156.2.3.1
znc-python3-1.9.1-bp156.2.3.1
znc-tcl-1.9.1-bp156.2.3.1
- openSUSE Backports SLE-15-SP6 (noarch):
znc-lang-1.9.1-bp156.2.3.1
References
https://www.suse.com/security/cve/CVE-2024-39844.html
https://bugzilla.suse.com/1227393
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Announcement ID: openSUSE-SU-2024:0203-1
Rating: critical
Affected Products:
openSUSE Backports SLE-15-SP6
.
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!