Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 527
Alerts This Week
Warning Icon 1 527

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -1 articles for you...
197

Debian 9: DLA-2375-1 Moderate: InspIRCd Denial Of Service

Two security issues were discovered in the modules of the InspIRCd IRC daemon, which could result in denial of service. CVE-2019-20917 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2375-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/lts/security/ Abhijith PA September 19, 2020 https://wiki.debian.org/LTS - ------------------------------------------------------------------------- Package : inspircd Version : 2.0.23-2+deb9u1 CVE ID : CVE-2019-20917 CVE-2020-25269 Two security issues were discovered in the modules of the InspIRCd IRC daemon, which could result in denial of service. CVE-2019-20917 mysql module before v3.3.0 contains a null pointer dereference when built against mariadb-connector-c. When combined with the sqlauth or sqloper modules this vulnerability can be used to remotely crash an InspIRCd server by any user able to connect to a server. CVE-2020-25269 The pgsql module contains a use after free vulnerability. When combined with the sqlauth or sqloper modules this vulnerability can be used to remotely crash an InspIRCd server by any user able to connect to a server. For Debian 9 stretch, these problems have been fixed in version 2.0.23-2+deb9u1. We recommend that you upgrade your inspircd packages. For the detailed security status of inspircd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/inspircd Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Debian LTS Advisory DLA-2366-1 highlights vulnerabilities in the ProFTPD server, potentially resulting in unauthorized access.. Debian LTS, security update, InspIRCd, denial of service, patch. . LinuxSecurity.com Team

Calendar%202 Sep 20, 2020 Debian LTS
87

Debian: DSA-4764-1 Moderate: Inspircd Denial of Service Threats

Two security issues were discovered in the pgsql and mysql modules of the InspIRCd IRC daemon, which could result in denial of service. For the stable distribution (buster), these problems have been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4764-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff September 18, 2020 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : inspircd CVE ID : CVE-2019-20917 CVE-2020-25269 Debian Bug : 960650 Two security issues were discovered in the pgsql and mysql modules of the InspIRCd IRC daemon, which could result in denial of service. For the stable distribution (buster), these problems have been fixed in version 2.0.27-1+deb10u1. We recommend that you upgrade your inspircd packages. For the detailed security status of inspircd please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/inspircd Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Elevate the inspircd to address two significant vulnerabilities in pgsql and mysql add-ons, leading to potential denial of service on Debian systems.. Debian Security, InspIRCd Update, Denial of Service Threats. . LinuxSecurity.com Team

Calendar%202 Sep 18, 2020 Debian
87

Debian: DSA-3662-1 Moderate: Inspircd SASL Authentication Risk

It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users. For the stable distribution (jessie), this problem has been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3662-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Moritz Muehlenhoff September 08, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : inspircd CVE ID : CVE-2016-7142 It was discovered that incorrect SASL authentication in the Inspircd IRC server may lead to users impersonating other users. For the stable distribution (jessie), this problem has been fixed in version 2.0.17-1+deb8u2. For the unstable distribution (sid), this problem has been fixed in version 2.0.23-1. We recommend that you upgrade your inspircd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The security advisory DSA-3673-2 highlights vulnerabilities in BIND DNS server configurations, improving overall network protection for users.. Debian Inspircd Security Update, SASL Authentication Flaw, Security Impersonation Risk. . LinuxSecurity.com Team

Calendar%202 Sep 08, 2016 Debian
87

Debian: DSA-3527-2 Urgent: Inspircd DoS Vulnerability and Resolution

It was discovered that inspircd, an IRC daemon, incorrectly handled PTR lookups of connecting users. This flaw allowed a remote attacker to crash the application by setting up malformed DNS records, thus causing a denial-of-service, . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3527-1 This email address is being protected from spambots. You need JavaScript enabled to view it. https://www.debian.org/security/ Sebastien Delafond March 24, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : inspircd CVE ID : CVE-2015-8702 It was discovered that inspircd, an IRC daemon, incorrectly handled PTR lookups of connecting users. This flaw allowed a remote attacker to crash the application by setting up malformed DNS records, thus causing a denial-of-service, For the oldstable distribution (wheezy), this problem has been fixed in version 2.0.5-1+deb7u2. For the stable distribution (jessie), this problem has been fixed in version 2.0.17-1+deb8u1. For the testing (stretch) and unstable (sid) distributions, this problem has been fixed in version 2.0.20-1. We recommend that you upgrade your inspircd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . Security Notice DSA-3527-1: inspircd DNS vulnerability patches for Debian stable and legacy distributions.. Debian Security, Inspircd Update, DoS Attack Prevention. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 24, 2016 Important Debian
87

Debian Inspircd Critical Buffer Overflow Threat DSA-3226-1

This email address is being protected from spambots. You need JavaScript enabled to view it. discovered several problems in inspircd, an IRC daemon: - an incomplete patch for CVE-2012-1836 failed to adequately resolve the problem where maliciously crafted DNS requests could lead to . - ------------------------------------------------------------------------- Debian Security Advisory DSA-3226-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Sebastien Delafond April 15, 2015 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : inspircd Debian Bug : 780880 This email address is being protected from spambots. You need JavaScript enabled to view it. discovered several problems in inspircd, an IRC daemon: - an incomplete patch for CVE-2012-1836 failed to adequately resolve the problem where maliciously crafted DNS requests could lead to remote code execution through a heap-based buffer overflow. - the incorrect processing of specific DNS packets could trigger an infinite loop, thus resulting in a denial of service. For the stable distribution (wheezy), this problem has been fixed in version 2.0.5-1+deb7u1. For the upcoming stable distribution (jessie) and unstable distribution (sid), this problem has been fixed in version 2.0.16-1. We recommend that you upgrade your inspircd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . The recent Debian security advisory regarding Inspircd highlights important patches addressing severe vulnerabilities related to buffer overflows and potential denial of service attacks.. Debian Security Advisory,inspircd updates,remote code execution. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 15, 2015 Critical Debian
91

Gentoo: GLSA-201204-02 Critical: InspIRCd Code Execution Vulnerability

A heap-based buffer overflow in InspIRCd may allow execution of arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201204-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: InspIRCd: Arbitrary code execution Date: April 10, 2012 Bugs: #409159 ID: 201204-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A heap-based buffer overflow in InspIRCd may allow execution of arbitrary code. Background ========= InspIRCd (Inspire IRCd) is a modular C++ IRC daemon Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-irc/inspircd < 2.0.5-r1 > = 2.0.5-r1 Description ========== A vulnerability in InspIRCd allows DNS compression features to control the number of overflowed bytes sent to the heap-based buffer "res[]" in dns.cpp. Impact ===== A remote attacker could send specially crafted DNS responses, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition. Workaround ========= There is no known workaround at this time. Resolution ========= All InspIRCd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-irc/inspircd-2.0.5-r1" References ========= [ 1 ] CVE-2012-1836 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1836 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201204-02 Concerns? ======== Security is a primaryfocus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . Critical alert for Gentoo community: Address InspIRCd’s severe code execution vulnerability quickly.. InspIRCd Security, Gentoo Advisory, Code Execution Risk, High Severity Threat. . Severity: Critical. LinuxSecurity.com Team

Calendar%202 Apr 10, 2012 Critical Gentoo
87

Debian: DSA-2449-1 Moderate: Apache Tomcat Security Vulnerability

It was discovered that a heap-based buffer overflow in InspIRCd could allow remote attackers to execute arbitrary code via a crafted DNS query. For the stable distribution (squeeze), this problem has been fixed in . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2448-1 This email address is being protected from spambots. You need JavaScript enabled to view it. http://www.debian.org/security/ Jonathan Wiltshire April 10, 2012 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : inspircd Vulnerability : buffer overflow Problem type : remote Debian-specific: no CVE ID : CVE-2012-1836 Debian Bug : 667914 It was discovered that a heap-based buffer overflow in InspIRCd could allow remote attackers to execute arbitrary code via a crafted DNS query. For the stable distribution (squeeze), this problem has been fixed in version 1.1.22+dfsg-4+squeeze1. For the testing distribution (wheezy), this problem has been fixed in version 1.1.22+dfsg-4+wheezy1. For the unstable distribution (sid), this problem has been fixed in version 2.0.5-0.1. We recommend that you upgrade your inspircd packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. . InspIRCd's recent buffer overflow vulnerability poses significant security risks, enabling potential arbitrary code execution. Debian stable users must update promptly. InspIRCd Security, Debian Update, Remote Code Risks, Buffer Overflow Issue. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Apr 10, 2012 Important Debian
91

Gentoo: GLSA-200805-08 Normal: InspIRCd Denial of Service Issue

A buffer overflow in InspIRCd allows remote attackers to cause a Denial of Service.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200805-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: InspIRCd: Denial of Service Date: May 09, 2008 Bugs: #215704 ID: 200805-08 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A buffer overflow in InspIRCd allows remote attackers to cause a Denial of Service. Background ========= InspIRCd (Inspire IRCd) is a modular C++ IRC daemon. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-irc/inspircd < 1.1.19 > = 1.1.19 Description ========== The "namesx" and "uhnames" modules do not properly validate network input, leading to a buffer overflow. Impact ===== A remote attacker can send specially crafted IRC commands to the server, causing a Denial of Service. Workaround ========= Unload the "uhnames" module in the InspIRCd configuration. Resolution ========= All InspIRCd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-irc/inspircd-1.1.19" References ========= [ 1 ] CVE-2008-1925 https://www.cve.org/CVERecord?id=CVE-2008-1925 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200805-08 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is ofutmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org/. License ====== Copyright 2008 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . InspIRCd running on Gentoo Linux is vulnerable to a buffer overflow, enabling potential remote Denial of Service (DoS) attacks. It's advised to perform an upgrade.. InspIRCd Denial Of Service,Gentoo Linux Security,buffer overflow. . LinuxSecurity.com Team

Calendar%202 May 09, 2008 Gentoo
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200