openSUSE-SU-2022:10018-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:10018-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2022:10018-1
Related
Published
2022-06-20T10:32:27Z
Modified
2022-06-20T10:32:27Z
Summary
Security update for atheme
Details

This update for atheme fixes the following issues:

atheme was updated to release 7.2.12:

  • CVE-2022-24976: Fixed General authentication bypass in Atheme IRC services with InspIRCd 3 [boo#1195989]
  • Track SASL login EID

Update to release 7.2.11

  • Add a preliminary Turkish translation
  • Add HMAC-MD5 verify-only support to crypto/pbkdf2v2
  • modules/chanserv/akick: fix unload crash with akicks that have timeouts
  • modules/nickserv/multimark: use IRC case canonicalisation for restored nicks
  • modules/nickserv/multimark: forbid unloading due to the potential for data loss
  • CA_ constants: include CA_EXEMPT (+e) where appropriate

Update to new upstream release 7.2.10.r2

  • Fix potential NULL dereference in modules/crypto/posix.
  • Bump E-Mail address maximum length to 254 characters.
  • Use flags setter information in modules/chanserv/access & modules/chanserv/flags.
  • Fix issue where modules/misc/httpd was not closing its listening socket on deinit.
  • Fix GroupServ data loss issue when a group was the founder of another group.
References

Affected packages

SUSE:Package Hub 15 SP3 / atheme

Package

Name
atheme
Purl
pkg:rpm/suse/atheme&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.2.12-bp153.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "atheme": "7.2.12-bp153.2.3.1",
            "libathemecore1": "7.2.12-bp153.2.3.1",
            "atheme-devel": "7.2.12-bp153.2.3.1"
        }
    ]
}

openSUSE:Leap 15.3 / atheme

Package

Name
atheme
Purl
pkg:rpm/opensuse/atheme&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
7.2.12-bp153.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "atheme": "7.2.12-bp153.2.3.1",
            "libathemecore1": "7.2.12-bp153.2.3.1",
            "atheme-devel": "7.2.12-bp153.2.3.1"
        }
    ]
}