group.of.nepali.translators team mailing list archive
Message #25412
[Bug 1781925] Re: Vulnerabilities in znc package CVE-2018-14055 CVE-2018-14056
This bug was fixed in the package znc - 1.6.6-1ubuntu0.1
---------------
znc (1.6.6-1ubuntu0.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Privilege escalation for non-admin users (LP: #1781925)
    - debian/patches/CVE-2018-14055-1.patch: Remove newlines from incoming
      network configuration change directives. Based on upstream patch.
    - debian/patches/CVE-2018-14055-2.patch: Remove extra newlines when
      writing out configuration file. Based on upstream patch.
    - CVE-2018-14055
  * SECURITY UPDATE: Path traversal flaw allows access to files outside of
    skins (LP: #1781925)
    - debian/patches/CVE-2018-14056.patch: Replace path traversal components
      in skin names to ensure path traversal is not possible. Based on
      upstream patch.
    - CVE-2018-14056

 -- Alex Murray <alex.murray@xxxxxxxxxxxxx>  Thu, 26 Jul 2018 15:28:39 +0930

** Changed in: znc (Ubuntu Bionic)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1781925

Title:
  Vulnerabilities in znc package CVE-2018-14055 CVE-2018-14056

Status in znc package in Ubuntu:
  Fix Released
Status in znc source package in Trusty:
  Confirmed
Status in znc source package in Xenial:
  Fix Released
Status in znc source package in Artful:
  Won't Fix
Status in znc source package in Bionic:
  Fix Released
Status in znc source package in Cosmic:
  Fix Released

Bug description:
  Multiple remote vulnerabilities reported in ZNC package:
  CVE-2018-14055, CVE-2018-14056

  Debian LTS has updates available:
  http://www.linuxsecurity.com/content/view/213083?rdf

  Relevant patches in znc git:
  https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773
  https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
  https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d

  Currently no updates available in Xenial, did not see any existing reports.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/znc/+bug/1781925/+subscriptions
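
The two kinds of fix named in the changelog above (removing newlines from configuration values before they are written out, and replacing path traversal components in skin names), sketched as an added C++ example. This is not the Ubuntu or upstream ZNC patch: the function names, config keys and skins directory are hypothetical, and the inputs are constructed.

```cpp
#include <iostream>
#include <string>

// Keep only the first line of a user-supplied value, so an embedded CR or LF
// cannot begin a second directive when the configuration file is written.
std::string first_line(const std::string& value) {
    // find_first_of returns npos when no newline exists; substr then keeps all.
    return value.substr(0, value.find_first_of("\r\n"));
}

// Serialize one "Key = value" directive. The output is always exactly one
// line, whatever the caller passed in (hypothetical line format).
std::string config_line(const std::string& key, const std::string& value) {
    return key + " = " + first_line(value) + "\n";
}

// Replace every character that can form a path component ('/', '\\', '.')
// so that "../" cannot survive in a skin name. Trade-off: a legitimate skin
// name containing a dot is also rewritten.
std::string safe_skin_name(std::string name) {
    for (char& c : name) {
        if (c == '/' || c == '\\' || c == '.') c = '_';
    }
    return name;
}

// Join the sanitized name to the skins directory; the result stays below it.
std::string skin_path(const std::string& skins_dir, const std::string& name) {
    return skins_dir + "/" + safe_skin_name(name) + "/";
}

int main() {
    // Constructed inputs, not taken from the bug report.
    std::cout << config_line("RealName", "bob\nInjectedKey = 1");
    std::cout << skin_path("/srv/skins", "../../etc") << "\n";
    return 0;
}
```

Sanitizing at both points, when a value arrives and again when the file is written, matches the two-patch split in the changelog: either check alone leaves the other path as the only barrier.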