Mageia alert MGASA-2013-0055 (ircd-hybrid)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2013-0055: ircd-hybrid-7.2.3-10.3.mga2
 (2/core) 
Date:
    	     
 
Sat, 16 Feb 2013 20:31:00 +0100
Message-ID:
    	     
 
<20130216193100.GA29682@valstar.mageia.org>

MGASA-2013-0055
Date: 	February 16th, 2013
Affected releases: 	2
Media: 	Core


Description:
Updated ircd-hybrid packages fix security vulnerability:

Bob Nomnomnom reported a Denial of Service vulnerability in IRCD-Hybrid, an
Internet Relay Chat server. A remote attacker may use an error in the masks
validation and crash the server (CVE-2013-0238).

Please note that due to the previously suboptimal nature of the sysvinit
script, systemd systems would not correctly detect the daemon process as
running and thus could not stop the service. As a result, you may have to
manually kill the process and start the service after upgrading (i.e.
killall ircd-hybrid; systemctl start ircd-hybrid.service).


Updated Packages:
i586:
ircd-hybrid-7.2.3-10.3.mga2.i586.rpm
ircd-hybrid-devel-7.2.3-10.3.mga2.i586.rpm
ircd-hybrid-debug-7.2.3-10.3.mga2.i586.rpm

x86_64:
ircd-hybrid-7.2.3-10.3.mga2.x86_64.rpm
ircd-hybrid-devel-7.2.3-10.3.mga2.x86_64.rpm
ircd-hybrid-debug-7.2.3-10.3.mga2.x86_64.rpm

SRPMS:
ircd-hybrid-7.2.3-10.3.mga2.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0238
http://www.debian.org/security/2013/dsa-2618
https://bugs.mageia.org/show_bug.cgi?id=9001
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...