SUSE Package Hub - openSUSE-2024-203

Update Info

openSUSE-2024-203

Security update for znc

Type: security

Severity: critical

Issued: 2024-07-17

Description:

This update for znc fixes the following issues:

Update to 1.9.1 (boo#1227393, CVE-2024-39844)

  * This is a security release to fix CVE-2024-39844: remote code
    execution vulnerability in modtcl.
    To mitigate this for existing installations, simply unload the
    modtcl module for every user, if it's loaded. Note that only
    users with admin rights can load modtcl at all.
  * Improve tooltips in webadmin.

References

CVE: CVE-2024-39844
Bugzilla: 1227393 VUL-0: CVE-2024-39844: znc: arbitrary code embedded into the kick reason executed while kicking someone on a channel

Packages

znc-1.9.1-bp156.2.3.1