MGASA-2013-0055
Date: | February 16th, 2013 |
Affected releases: | 2 |
Media: | Core |
Description:
Updated ircd-hybrid packages fix security vulnerability:
Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an
Internet Relay Chat server. A remote attacker may use an error in the masks
validation and crash the server (CVE-2013-0238).
Please note that due to the previously suboptimal nature of the sysvinit
script, systemd systems would not correctly detect the daemon process as
running and thus could not stop the service. As a result, you may have to
manually kill the process and start the service after upgrading (i.e.
killall ircd-hybrid; systemctl start ircd-hybrid.service).
Updated Packages:
i586:
ircd-hybrid-7.2.3-10.3.mga2.i586.rpm
ircd-hybrid-devel-7.2.3-10.3.mga2.i586.rpm
ircd-hybrid-debug-7.2.3-10.3.mga2.i586.rpm
x86_64:
ircd-hybrid-7.2.3-10.3.mga2.x86_64.rpm
ircd-hybrid-devel-7.2.3-10.3.mga2.x86_64.rpm
ircd-hybrid-debug-7.2.3-10.3.mga2.x86_64.rpm
SRPMS:
ircd-hybrid-7.2.3-10.3.mga2.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0238
http://www.debian.org/security/2013/dsa-2618
https://bugs.mageia.org/show_bug.cgi?id=9001