<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>==============================</p>
<div id=":1gn" class="a3s aiL "><wbr>==============================<wbr>==============<br>
Ubuntu Security Notice USN-6990-1<br>
September 04, 2024<br>
<br>
znc vulnerability<br>
==============================<wbr>==============================<wbr>==============<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 24.04 LTS<br>
- Ubuntu 22.04 LTS<br>
- Ubuntu 20.04 LTS<br>
- Ubuntu 18.04 LTS<br>
- Ubuntu 16.04 LTS<br>
- Ubuntu 14.04 LTS<br>
<br>
Summary:<br>
<br>
znc could be made to execute arbitrary code on a user's system if<br>
they were persuaded to join a malicious server.<br>
<br>
Software Description:<br>
- znc: advanced modular IRC bouncer<br>
<br>
Details:<br>
<br>
Johannes Kuhn (DasBrain) discovered that znc incorrectly handled<br>
user input under certain operations. An attacker could possibly<br>
use this issue to execute arbitrary code on a user's system if<br>
the user was tricked into joining a malicious server.<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 24.04 LTS<br>
znc 1.9.0-2ubuntu0.1~esm2<br>
Available with Ubuntu Pro<br>
znc-dev 1.9.0-2ubuntu0.1~esm2<br>
Available with Ubuntu Pro<br>
znc-perl 1.9.0-2ubuntu0.1~esm2<br>
Available with Ubuntu Pro<br>
znc-python 1.9.0-2ubuntu0.1~esm2<br>
Available with Ubuntu Pro<br>
znc-tcl 1.9.0-2ubuntu0.1~esm2<br>
Available with Ubuntu Pro<br>
<br>
Ubuntu 22.04 LTS<br>
znc 1.8.2-2ubuntu0.1<br>
znc-dev 1.8.2-2ubuntu0.1<br>
znc-perl 1.8.2-2ubuntu0.1<br>
znc-python 1.8.2-2ubuntu0.1<br>
znc-tcl 1.8.2-2ubuntu0.1<br>
<br>
Ubuntu 20.04 LTS<br>
znc 1.7.5-4ubuntu0.1~esm2<br>
Available with Ubuntu Pro<br>
znc-dev 1.7.5-4ubuntu0.1~esm2<br>
Available with Ubuntu Pro<br>
znc-perl 1.7.5-4ubuntu0.1~esm2<br>
Available with Ubuntu Pro<br>
znc-python 1.7.5-4ubuntu0.1~esm2<br>
Available with Ubuntu Pro<br>
znc-tcl 1.7.5-4ubuntu0.1~esm2<br>
Available with Ubuntu Pro<br>
<br>
Ubuntu 18.04 LTS<br>
znc 1.6.6-1ubuntu0.2+esm2<br>
Available with Ubuntu Pro<br>
znc-dev 1.6.6-1ubuntu0.2+esm2<br>
Available with Ubuntu Pro<br>
znc-perl 1.6.6-1ubuntu0.2+esm2<br>
Available with Ubuntu Pro<br>
znc-python 1.6.6-1ubuntu0.2+esm2<br>
Available with Ubuntu Pro<br>
znc-tcl 1.6.6-1ubuntu0.2+esm2<br>
Available with Ubuntu Pro<br>
<br>
Ubuntu 16.04 LTS<br>
znc 1.6.3-1ubuntu0.2+esm2<br>
Available with Ubuntu Pro<br>
znc-dev 1.6.3-1ubuntu0.2+esm2<br>
Available with Ubuntu Pro<br>
znc-perl 1.6.3-1ubuntu0.2+esm2<br>
Available with Ubuntu Pro<br>
znc-python 1.6.3-1ubuntu0.2+esm2<br>
Available with Ubuntu Pro<br>
znc-tcl 1.6.3-1ubuntu0.2+esm2<br>
Available with Ubuntu Pro<br>
<br>
Ubuntu 14.04 LTS<br>
znc 1.2-3ubuntu0.1+esm3<br>
Available with Ubuntu Pro<br>
znc-dev 1.2-3ubuntu0.1+esm3<br>
Available with Ubuntu Pro<br>
znc-perl 1.2-3ubuntu0.1+esm3<br>
Available with Ubuntu Pro<br>
znc-python 1.2-3ubuntu0.1+esm3<br>
Available with Ubuntu Pro<br>
znc-tcl 1.2-3ubuntu0.1+esm3<br>
Available with Ubuntu Pro<br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
<a href="https://ubuntu.com/security/notices/USN-6990-1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://ubuntu.com/security/notices/USN-6990-1&source=gmail&ust=1725561680705000&usg=AOvVaw0EbvYc8-pxFjG_zHjBXBzK">https://ubuntu.com/security/no<wbr>tices/USN-6990-1</a><br>
CVE-2024-39844<br>
<br>
Package Information:<br>
<a
href="https://launchpad.net/ubuntu/+source/znc/1.8.2-2ubuntu0.1"
rel="noreferrer" target="_blank"
data-saferedirecturl="https://www.google.com/url?q=https://launchpad.net/ubuntu/%2Bsource/znc/1.8.2-2ubuntu0.1&source=gmail&ust=1725561680706000&usg=AOvVaw1Nfhb5gnUjrRbziyesJJum">https://launchpad.net/ubuntu/+<wbr>source/znc/1.8.2-2ubuntu0.1</a>
<div class="yj6qo"></div>
<div class="adL"><br>
</div>
</div>
</body>
</html>