Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
89
security advisoryupdatecriticalFedora 35: FEDORA-2022-f6d46280da Critical: unrealircd Memory Problem
# UnrealIRCd 6.0.3 A number of serious issues were discovered in UnrealIRCd 6. Among these is an issue which will likely crash the IRCd sooner or later if you `/REHASH` with any active clients connected. ## Fixes * Crash in `WATCH` if the IRCd has been rehashed at least once. After doing a `REHASH` with active clients it will likely corrupt memory. It may take several days until after the. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-f6d46280da 2022-04-10 19:51:46.980677 --------------------------------------------------------------------------------Name : unrealircd Product : Fedora 35 Version : 6.0.3 Release : 1.fc35 URL : https://www.unrealircd.org/ Summary : Open Source IRC server Description : UnrealIRCd is an Open Source IRC server based on the branch of IRCu called Dreamforge, formerly used by the DALnet IRC network. Since the beginning of development on UnrealIRCd in May of 1999, it has become a highly advanced IRCd with a strong focus on modularity, an advanced and highly configurable configuration file. Key features include SSL/TLS, cloaking, advanced anti-flood and anti-spam systems, swear filtering and module support. --------------------------------------------------------------------------------Update Information: # UnrealIRCd 6.0.3 A number of serious issues were discovered in UnrealIRCd 6. Among these is an issue which will likely crash the IRCd sooner or later if you `/REHASH` with any active clients connected. ## Fixes * Crash in `WATCH` if the IRCd has been rehashed at least once. After doing a `REHASH` with active clients it will likely corrupt memory. It may take several days until after the rehash for the crash to occur, or even weeks/months on smaller networks (accidental triggering, that is). * A `REHASH` with certain remote includes setups could cause a crash or other weird and confusing problems such as complaining about unable to open anipv6-database or missing snomask configuration. This only affected some people with remote includes, not all. * Potential out-of-bounds write in sending code. In practice it seems harmless on most servers but this cannot be 100% guaranteed. * Unlikely triggered log message would log uninitialized stack data to the log file or send it to ircops. * Channel ops could not remove halfops from a user (`-h`). * After using the `RESTART` command (not recommended) the new IRCd was often no longer writing to log files. * Fix compile problem if you choose to use cURL remote includes but don't have cURL on the system and ask UnrealIRCd to compile cURL. ## Enhancements * The default text log format on disk changed. It now includes the server name where the event was generated. Without this, it was sometimes difficult to trace problems, since previously it sometimes looked like there was a problem on your server when it was actually another server on the network. * Old log format: `[DATE TIME] subsystem.EVENT_ID loglevel: ........` * New log format: `[DATE TIME] servername subsystem.EVENT_ID loglevel: ........` ## Changes * Any MOTD lines added by services via [`SVSMOTD`](https://www.unrealircd.org/docs/MOTD_and_Rules#SVSMOTD) are now shown at the end of the MOTD-on-connect (unless using a shortmotd). Previously the lines were only shown if you manually ran the MOTD command. ## Protocol * `LIST C
Apr 10, 2022 •Critical Fedora 89
security advisoryFedoraupdate informationFedora 36: 2022-0bff4ccd3b Moderate: unrealircd DoS Fix and Enhancements
# UnrealIRCd 6.0.2 UnrealIRCd 6.0.2 comes with several nice feature enhancements along with some fixes. It also includes a fix for a crash bug that can be triggered by ordinary users. ## Fixes * Fix crash that can be triggered by regular users if you have any `deny dcc` blocks in the config or any spamfilters with the `d` (DCC) target. * Fix infinite hang on "Loading. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-0bff4ccd3b 2022-03-26 14:56:28.661837 --------------------------------------------------------------------------------Name : unrealircd Product : Fedora 36 Version : 6.0.2 Release : 1.fc36 URL : https://www.unrealircd.org/ Summary : Open Source IRC server Description : UnrealIRCd is an Open Source IRC server based on the branch of IRCu called Dreamforge, formerly used by the DALnet IRC network. Since the beginning of development on UnrealIRCd in May of 1999, it has become a highly advanced IRCd with a strong focus on modularity, an advanced and highly configurable configuration file. Key features include SSL/TLS, cloaking, advanced anti-flood and anti-spam systems, swear filtering and module support. --------------------------------------------------------------------------------Update Information: # UnrealIRCd 6.0.2 UnrealIRCd 6.0.2 comes with several nice feature enhancements along with some fixes. It also includes a fix for a crash bug that can be triggered by ordinary users. ## Fixes * Fix crash that can be triggered by regular users if you have any `deny dcc` blocks in the config or any spamfilters with the `d` (DCC) target. * Fix infinite hang on "Loading IRCd configuration" if DNS is not working. For example if the 1st DNS server in `/etc/resolv.conf` is down or refusing requests. * Some `MODE` server-to-server commands were missing a timestamp at the end, even though this is mandatory for modes coming from a server. * The [channeldb]() modulenow converts letter extbans to named extbans (e.g. `~a` to `~account`). Previously it did not, which caused letter extbans to appear in the banlist. Later on, when linking servers, this would cause duplicate entries to appear as well, with both the old and new format. The extbans were still effective though, so this is mostly a visual `+b`/`+e`/`+I` list issue. * Some [Extended Server Bans]() were not working correctly for WEBIRC proxies. In particular, a server ban or exempt (ELINE) on `~country:XX` was only checked against the WEBIRC proxy. ## Enhancements * Support for [logging to a channel](). Similar to snomasks but then for channels. * Command line interface changes: * The CLI tool now communicates to the running UnrealIRCd process via a UNIX socket to send commands and retrieve output. * The command `unrealircdctl rehash` will now show the rehash output, including warnings and errors, and return a proper exit code. * The same for `unrealircdctl reloadtls` * The command `unrealircdctl status` to show if UnrealIRCd is running, the version, channel and user count, .. * The command `unrealircdctl genlinkblock` is now [documented]()) and is referred to from the [Linking servers tutorial](). * New option [set::server-notice-show-event]() which can be set to `no` to hide the event information (e.g. `connect.LOCAL_CLIENT_CONNECT`) in server notices. This can be overridden per-oper in the [Oper block]() via `oper::server-notice-show-event`. * Support for IRC over UNIX sockets (on the same machine), if you specify a file in the [listen block]() instead of an ip/port. This probably won't be used much, but the option is there. Users will show up with a host of `localhost` and IP `127.0.0.1` to keep things simple. * The `MAP` command now shows percentages of users * Add `WHO` option to search clients by time connected (e.g. `WHO
Mar 26, 2022 Fedora 
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!