Bug #9101

Bug #9099: znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056)

[3.8] znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056)

Added by Alicha CH 9 months ago. Updated 9 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version:
Start date: 07/17/2018
Due date:
% Done: 100%
Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-14055: ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the
network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-14055

Patches:

https://github.com/znc/znc/commit/a7bfbd93812950b7444841431e8e297e62cb524e
https://github.com/znc/znc/commit/d22fef8620cdd87490754f607e7153979731c69d

CVE-2018-14056: ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web
skin name to access files outside of the intended skins directories.

Reference:

https://nvd.nist.gov/vuln/detail/CVE-2018-14056

Patch:

https://github.com/znc/znc/commit/a4a5aeeb17d32937d8c7d743dae9a4cc755ce773


Related issues

Copied from Alpine Linux - Bug #9099: znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056) - Closed - 07/17/2018

Associated revisions

Revision 46eeaeb8 (diff)
Added by Natanael Copa 9 months ago

main/znc: security upgrade to 1.7.1 (CVE-2018-14055,CVE-2018-14056)

fixes #9101

History

#1 Updated by Alicha CH 9 months ago

  • Copied from Bug #9099: znc: Multiple vulnerabilities (CVE-2018-14055, CVE-2018-14056) added

#2 Updated by Natanael Copa 9 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 9 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-14055, CVE-2018-14056)
