
[SECURITY] [DLA 384-1] inspircd security and regression update

Package        : inspircd
Version        : 1.1.22+dfsg-4+squeeze3
CVE ID         : CVE-2015-8702
Debian Bug     : 668253

It was discovered that InspIRCd did not validate the names in DNS
responses before using them in inter-server communication.  A remote
attacker controlling the reverse DNS server for an IRC client could
use this for denial of service or possibly for privilege escalation on
the IRC network.

InspIRCd appears to have been completely unusable since version
1.1.22+dfsg-4+squeeze1 due to a bug in its build system triggered by
(e)glibc versions newer than 2.9.  This has also been fixed.

Ben Hutchings - Debian developer, member of Linux kernel and LTS teams
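
The kind of check the advisory describes as missing, shown as an added example (this is not InspIRCd's code and not the actual patch): a name taken from a reverse DNS answer is accepted only if it is a well-formed hostname, and the client's IP address text is used otherwise. The function names, the RFC 1123 character rules and the IP fallback are assumptions made for illustration.

```cpp
// Added example, not InspIRCd code. All names here are hypothetical.
#include <cstddef>
#include <iostream>
#include <string>

static bool is_ascii_alnum(char c)
{
    return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9');
}

// Accept only RFC 1123 style hostnames: dot-separated labels of 1 to 63
// ASCII letters, digits or '-', no label starting or ending with '-',
// 253 bytes in total. A trailing dot is rejected as an empty label.
bool is_valid_hostname(const std::string& name)
{
    if (name.empty() || name.size() > 253)
        return false;
    std::size_t label_len = 0;
    char prev = '.';
    for (char c : name)
    {
        if (c == '.')
        {
            if (label_len == 0 || prev == '-')
                return false;            // empty label, or label ends in '-'
            label_len = 0;
        }
        else if (is_ascii_alnum(c) || (c == '-' && label_len != 0))
        {
            if (++label_len > 63)
                return false;            // label too long
        }
        else
            return false;                // space, ':', control bytes, non-ASCII
        prev = c;
    }
    return label_len != 0 && prev != '-';
}

// Choose the host string that may be placed in a message to other servers.
std::string host_to_announce(const std::string& ptr_name, const std::string& ip_text)
{
    return is_valid_hostname(ptr_name) ? ptr_name : ip_text;
}

int main()
{
    // Constructed sample inputs (192.0.2.7 is a documentation address).
    std::cout << host_to_announce("irc-client.example.org", "192.0.2.7") << "\n";
    std::cout << host_to_announce("bad host.example.org", "192.0.2.7") << "\n";
}
```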
