Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
203
security advisorysecurity fixaccess issueMageia: 2020-0340 Moderate: ngircd Out-Of-Bounds Access Issue
The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. (CVE-2020-14148) References: . MGASA-2020-0340 - Updated ngircd package fixes security vulnerability Publication date: 20 Aug 2020 URL: https://advisories.mageia.org/MGASA-2020-0340.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-14148 The Server-Server protocol implementation in ngIRCd before 26~rc2 allows an out-of-bounds access, as demonstrated by the IRC_NJOIN() function. (CVE-2020-14148) References: - https://bugs.mageia.org/show_bug.cgi?id=26853 - https://lists.debian.org/debian-lts-announce/2020/06/msg00023.html - https://www.cve.org/CVERecord?id=CVE-2020-14148 SRPMS: - 7/core/ngircd-25-1.1.mga7 . Mageia 2021-0420 upgrades ngircd to address potential buffer overflow issue. Comprehensive information regarding the patch is provided.. ngircd Security Update, Mageia 2020-0340, Out-Of-Bounds Access, Server Protocol Vulnerability, Security Advisory. . LinuxSecurity.com Team
Aug 20, 2020
Mageia
89
security advisorycritical issuesoftware updateFedora 31 ngircd 2020-8c33e3a771 Critical: Out-Of-Bounds Access Issue
Update to version 26, a bugfix and security release. FIxes CVE-2020-14148.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-8c33e3a771 2020-07-08 01:05:15.752369 --------------------------------------------------------------------------------Name : ngircd Product : Fedora 31 Version : 26 Release : 3.fc31 URL : https://ngircd.barton.de/ Summary : Next Generation IRC Daemon Description : ngIRCd is a free open source daemon for Internet Relay Chat (IRC), developed under the GNU General Public License (GPL). It's written from scratch and is not based upon the original IRCd like many others. --------------------------------------------------------------------------------Update Information: Update to version 26, a bugfix and security release. FIxes CVE-2020-14148. --------------------------------------------------------------------------------ChangeLog: * Sun Jun 28 2020 Kevin Fenzi - 26-3 - Fix arch conditional for tests. :( * Sun Jun 28 2020 Kevin Fenzi - 26-2 - Drop gcc10 workaround (fixed upstream) - Disable tests on i686 for now as they seem sporadically broken. ( https://github.com/ngircd/ngircd/issues/280 ) * Wed Jun 24 2020 Kevin Fenzi - 26-1 - Update to 26. Fixes bug 1849314 * Sat May 16 2020 Kevin Fenzi - 25-7 - rhel8 also has system cypher support, so add that before initial epel8 package. * Sun Mar 29 2020 Kevin Fenzi - 25-6 - Build with -fcommon for now until upstream gcc10 fixes land. Fixes FTBFS bug #1799688 * Wed Jan 29 2020 Fedora Release Engineering - 25-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1848415 - CVE-2020-14148 ngircd: nigircd: Server-Server protocol implementation leads to out-of-bounds access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1848415 [ 2 ] Bug #1849314 - ngircd-26 isavailable https://bugzilla.redhat.com/show_bug.cgi?id=1849314 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-8c33e3a771' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 07, 2020
•Critical
Fedora
89
security advisorycriticalsoftware updateFedora 32: FEDORA-2020-e6d1d849c5 Critical: ngircd Out-Of-Bounds Access
Update to version 26, a bugfix and security release. FIxes CVE-2020-14148.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2020-e6d1d849c5 2020-07-08 01:03:55.021638 --------------------------------------------------------------------------------Name : ngircd Product : Fedora 32 Version : 26 Release : 3.fc32 URL : https://ngircd.barton.de/ Summary : Next Generation IRC Daemon Description : ngIRCd is a free open source daemon for Internet Relay Chat (IRC), developed under the GNU General Public License (GPL). It's written from scratch and is not based upon the original IRCd like many others. --------------------------------------------------------------------------------Update Information: Update to version 26, a bugfix and security release. FIxes CVE-2020-14148. --------------------------------------------------------------------------------ChangeLog: * Sun Jun 28 2020 Kevin Fenzi - 26-3 - Fix arch conditional for tests. :( * Sun Jun 28 2020 Kevin Fenzi - 26-2 - Drop gcc10 workaround (fixed upstream) - Disable tests on i686 for now as they seem sporadically broken. ( https://github.com/ngircd/ngircd/issues/280 ) * Wed Jun 24 2020 Kevin Fenzi - 26-1 - Update to 26. Fixes bug 1849314 * Sat May 16 2020 Kevin Fenzi - 25-7 - rhel8 also has system cypher support, so add that before initial epel8 package. * Sun Mar 29 2020 Kevin Fenzi - 25-6 - Build with -fcommon for now until upstream gcc10 fixes land. Fixes FTBFS bug #1799688 * Wed Jan 29 2020 Fedora Release Engineering - 25-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #1848415 - CVE-2020-14148 ngircd: nigircd: Server-Server protocol implementation leads to out-of-bounds access [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1848415 [ 2 ] Bug #1849314 - ngircd-26 isavailable https://bugzilla.redhat.com/show_bug.cgi?id=1849314 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2020-e6d1d849c5' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jul 07, 2020
•Critical
Fedora
197
security advisorysecurity issueDebianDebian: DLA-2253-1 Major: nginx Security Vulnerability Warning
It was discovered that there was an out-of-bounds access vulnerability in the server-server protocol in the ngircd Internet Relay Chat (IRC) server. . Package : ngircd Version : 22-2+deb8u1 CVE ID : CVE-2020-14148 Debian Bug : #963147 It was discovered that there was an out-of-bounds access vulnerability in the server-server protocol in the ngircd Internet Relay Chat (IRC) server. For Debian 8 "Jessie", this issue has been fixed in ngircd version 22-2+deb8u1. We recommend that you upgrade your ngircd packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Regards, - -- ,'`. : :' : Chris Lamb `. `'`
Jun 21, 2020
•Important
Debian LTS
91
security advisoryhigh severitygentooGentoo Linux 200501-40 High Severity: ngIRCd Daemon Buffer Overflow
ngIRCd is vulnerable to a buffer overflow that can be used to crash the daemon and possibly execute arbitrary code.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200501-40 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: ngIRCd: Buffer overflow Date: January 28, 2005 Bugs: #79705 ID: 200501-40 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= ngIRCd is vulnerable to a buffer overflow that can be used to crash the daemon and possibly execute arbitrary code. Background ========= ngIRCd is a free open source daemon for Internet Relay Chat (IRC). Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-irc/ngircd < 0.8.2 > = 0.8.2 Description ========== Florian Westphal discovered a buffer overflow caused by an integer underflow in the Lists_MakeMask() function of lists.c. Impact ===== A remote attacker can exploit this buffer overflow to crash the ngIRCd daemon and possibly execute arbitrary code with the rights of the ngIRCd daemon process. Workaround ========= There is no known workaround at this time. Resolution ========= All ngIRCd users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =net-irc/ngIRCd-0.8.2" References ========= [ 1 ] ngIRCd Release Annoucement Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/200501-40 Concerns? ======== Security is a primary focusof Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to
Jan 28, 2005
Gentoo
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!