Package: znc / 1.8.2-2+deb11u1

Metadata

Package | Version | Patches format
znc | 1.8.2-2+deb11u1 | 3.0 (quilt)

Patch series

Patch | File delta | Description
CVE 2024 39844.patch

modules/modtcl.cpp | 9 6 + 3 - 0 !
1 file changed, 6 insertions(+), 3 deletions(-)

 [patch] fix rce vulnerability in modtcl

Remote attacker could execute arbitrary code embedded into the kick
reason while kicking someone on a channel.

To mitigate this for existing installations, simply unload the modtcl
module for every user, if it's loaded.
Note that only users with admin rights can load modtcl at all.

Discovered by Johannes Kuhn (DasBrain)

Patch by https://github.com/glguy

CVE-2024-39844