Lucene search

Gentoo FoundationMGASA-2019-0262

HistorySep 12, 2019 - 10:09 p.m.

Updated znc packages fix security vulnerabilities

2019-09-1222:09:52

Gentoo Foundation

advisories.mageia.org

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.014

Percentile

86.7%

JSON

Jeriko One discovered two vulnerabilities in the ZNC IRC bouncer which could result in privilege escalation or denial of service (CVE-2018-14055, CVE-2018-14056). Two vulnerabilities were discovered in the ZNC IRC bouncer which could result in remote code execution (CVE-2019-12816) or denial of service via invalid encoding (CVE-2019-9917).

OSVersionArchitecturePackageVersionFilename
Mageia6noarchznc< 1.7.4-1znc-1.7.4-1.mga6
Mageia7noarchznc< 1.7.4-1znc-1.7.4-1.mga7

OS	Version	Architecture	Package	Version	Filename
Mageia	6	noarch	znc	< 1.7.4-1	znc-1.7.4-1.mga6
Mageia	7	noarch	znc	< 1.7.4-1	znc-1.7.4-1.mga7

References

bugs.mageia.org/show_bug.cgi?id=23327

www.debian.org/security/2018/dsa-4252

www.debian.org/security/2019/dsa-4463

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.014

Percentile

86.7%

JSON

Related for MGASA-2019-0262