[Secure-testing-team] Bug#836706: certificate spoofing via crafted SASL messages
Antoine Beaupré
anarcat at debian.org
Sun Sep 4 21:34:33 UTC 2016
Source: inspircd
Version: 2.0.5-1+deb7u2
Severity: critical
Tags: security
inspircd published 2.0.23 that fixes an issue with SASL
authentication. The details are here:
http://www.inspircd.org/2016/09/03/v2023-released.html
All versions are affected.
Upstream hasn't requested a CVE yet. I will contact oss-security to
make sure that happens.
It seems to also affect Charybdis, which fixed the issue in the
upcoming 3.5.3 release:
https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
I will take care of the 3.5.3 upload or backporting those patches to
3.5.2 and 3.4 (if relevant) as soon as I can.
-- System Information:
Debian Release: 8.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable'), (1, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 4.6.0-0.bpo.1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
More information about the Secure-testing-team
mailing list