[SECURITY] [DSA 3226-1] inspircd security update

2015-04-1515:42:18

lists.debian.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Debian Security Advisory DSA-3226-1 [email protected]
http://www.debian.org/security/ Sebastien Delafond
April 15, 2015 http://www.debian.org/security/faq

Package : inspircd
Debian Bug : 780880

[email protected] discovered several problems in inspircd, an IRC daemon:

an incomplete patch for CVE-2012-1836 failed to adequately resolve
the problem where maliciously crafted DNS requests could lead to
remote code execution through a heap-based buffer overflow.
the incorrect processing of specific DNS packets could trigger an
infinite loop, thus resulting in a denial of service.

For the stable distribution (wheezy), this problem has been fixed in
version 2.0.5-1+deb7u1.

For the upcoming stable distribution (jessie) and unstable
distribution (sid), this problem has been fixed in version 2.0.16-1.

We recommend that you upgrade your inspircd packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7kfreebsd-i386inspircd-dbg< 2.0.5-1+deb7u1inspircd-dbg_2.0.5-1+deb7u1_kfreebsd-i386.deb
Debian6sparcinspircd< 1.1.22+dfsg-4+squeeze1inspircd_1.1.22+dfsg-4+squeeze1_sparc.deb
Debian7ia64inspircd-dbg< 2.0.5-1+deb7u1inspircd-dbg_2.0.5-1+deb7u1_ia64.deb
Debian7armelinspircd-dbg< 2.0.5-1+deb7u1inspircd-dbg_2.0.5-1+deb7u1_armel.deb
Debian6allinspircd< 1.1.22+dfsg-4+squeeze1inspircd_1.1.22+dfsg-4+squeeze1_all.deb
Debian7armhfinspircd-dbg< 2.0.5-1+deb7u1inspircd-dbg_2.0.5-1+deb7u1_armhf.deb
Debian6powerpcinspircd-dbg< 1.1.22+dfsg-4+squeeze1inspircd-dbg_1.1.22+dfsg-4+squeeze1_powerpc.deb
Debian7s390inspircd< 1.1.22+dfsg-4+wheezy1inspircd_1.1.22+dfsg-4+wheezy1_s390.deb
Debian6mipsinspircd< 1.1.22+dfsg-4+squeeze1inspircd_1.1.22+dfsg-4+squeeze1_mips.deb
Debian7amd64inspircd-dbg< 1.1.22+dfsg-4+wheezy1inspircd-dbg_1.1.22+dfsg-4+wheezy1_amd64.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	kfreebsd-i386	inspircd-dbg	< 2.0.5-1+deb7u1	inspircd-dbg_2.0.5-1+deb7u1_kfreebsd-i386.deb
Debian	6	sparc	inspircd	< 1.1.22+dfsg-4+squeeze1	inspircd_1.1.22+dfsg-4+squeeze1_sparc.deb
Debian	7	ia64	inspircd-dbg	< 2.0.5-1+deb7u1	inspircd-dbg_2.0.5-1+deb7u1_ia64.deb
Debian	7	armel	inspircd-dbg	< 2.0.5-1+deb7u1	inspircd-dbg_2.0.5-1+deb7u1_armel.deb
Debian	6	all	inspircd	< 1.1.22+dfsg-4+squeeze1	inspircd_1.1.22+dfsg-4+squeeze1_all.deb
Debian	7	armhf	inspircd-dbg	< 2.0.5-1+deb7u1	inspircd-dbg_2.0.5-1+deb7u1_armhf.deb
Debian	6	powerpc	inspircd-dbg	< 1.1.22+dfsg-4+squeeze1	inspircd-dbg_1.1.22+dfsg-4+squeeze1_powerpc.deb
Debian	7	s390	inspircd	< 1.1.22+dfsg-4+wheezy1	inspircd_1.1.22+dfsg-4+wheezy1_s390.deb
Debian	6	mips	inspircd	< 1.1.22+dfsg-4+squeeze1	inspircd_1.1.22+dfsg-4+squeeze1_mips.deb
Debian	7	amd64	inspircd-dbg	< 1.1.22+dfsg-4+wheezy1	inspircd-dbg_1.1.22+dfsg-4+wheezy1_amd64.deb