Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2015.1005
inspircd security update
16 April 2015
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: inspircd
Publisher: Debian
Operating System: Debian GNU/Linux 7
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2012-1836
Reference: ESB-2012.0351
Original Bulletin:
http://www.debian.org/security/2015/dsa-3226
Comment: This advisory references vulnerabilities in products which run on
platforms other than Debian. It is recommended that administrators
running inspircd check for an updated version of the software for
their operating system.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-3226-1 security@debian.org
http://www.debian.org/security/ Sebastien Delafond
April 15, 2015 http://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : inspircd
Debian Bug : 780880
adam@anope.org discovered several problems in inspircd, an IRC daemon:
- an incomplete patch for CVE-2012-1836 failed to adequately resolve
the problem where maliciously crafted DNS requests could lead to
remote code execution through a heap-based buffer overflow.
- the incorrect processing of specific DNS packets could trigger an
infinite loop, thus resulting in a denial of service.
For the stable distribution (wheezy), this problem has been fixed in
version 2.0.5-1+deb7u1.
For the upcoming stable distribution (jessie) and unstable
distribution (sid), this problem has been fixed in version 2.0.16-1.
We recommend that you upgrade your inspircd packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
iQEcBAEBCAAGBQJVLoRHAAoJEBC+iYPz1Z1kO6wIAL9ONDnBUaddsmnW8wMvBScS
G9Lx4gnP6+3zh9MS3h+c71udMwjqDntoHmZ214Dlc8dDT2o2XDb1ATxbtkdW5oNA
UYTJgrBlwWFeeR5p7tliIwEZVviUULb52RIQUUNzEd/vKgXuOvluIBYPnln2wulw
o81qAVs+ObUqohEFk7H2/SSkgbPNkqjmdgpVIDGmQNoXOWzKV65q7RBWXqLRYb4B
2ujGpt9YEtlzw2Elnkeb7ygwZWDnXcLwOX3r6EITWEJXBhNA0Z4tCcBL/N6tIbZf
xjJt5yey+QudxHr8GfOfk9Fccicueh7fSgPRqGvS23BF8tGVd4Bo9ijsiz0tqUA=
=G6c1
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBVS8HqRLndAQH1ShLAQKFMBAAm1l9ve0XHgoBUl4IlzP7JOQPxTph8MAO
WZxym19NXqTI4AQ3LYZK7V+vnIKpVIzEsLCeh8O9vU5xnfb16PxZi4qha+d3TRkt
smVd/71jjJQ3SLrj90JkGXPHQS+GXsq4Bid7dtdJj6ko/ks9v4B3ZG9HQXe/0o0h
koPJ2Wnxg2hlpt95iv/qdAM65jcUYaey8cMbfi5aRaHUTlCUCqIwBDqQmiA/shbP
v3AzCqMfBlz1L+W/dv9xILU75Y7Uvih013gkqolNv7x2Pc+1w4oG2KheDK8wuHBA
po9zDWV60A4OJ4zWJDzAXDYds79Rmq0tcHzHXGdP4U5bMvWmoEWRn/Le2nJtTtPs
yeKyNiS0QpL0uW9yBgMxZjwnM3gVmgPZkkJz52iZxcvr8sHtFdNUfXApimJZBZTK
yCm4L1HyoI12pIfjePbGL87nEJlBBc49nvl5RJ6oNJGJwUE9aQAtPBW5jpAPIhJ6
ntOdqDUmPhgVZioAy+Btv9/H4NgApQxMcyvELKsVSAJLDWcLU5QgnYFinhiiVXBV
vWLF6TsoT0UKlROv4qLCQZUugG0sJKaFdRuydyQhoj/om9Hhuuk4ecc/6aq7OqjQ
JVFfeBUKegctQJPIfg+tDeZmIrRYRAB5vklTNqBxkdFW6mPCZXMQDfXHgxjDab3h
IOPOoUfXvu8=
=jJ4b
-----END PGP SIGNATURE-----