Security update for znc SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:2228-1 Final 1 1 2018-08-07T09:12:30Z current 2018-08-07T09:12:30Z 2018-08-07T09:12:30Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for znc This update for znc fixes the following issues: - Update to version 1.7.1 * CVE-2018-14055: non-admin user could gain admin privileges and shell access by injecting values into znc.conf (bnc#1101281) * CVE-2018-14056: path traversal in HTTP handler via ../ in a web skin name. (bnc#1101280) - Update to version 1.7.0 * Make ZNC UI translateable to different languages * Configs written before ZNC 0.206 can't be read anymore * Implement IRCv3.2 capabilities away-notify, account-notify, extended-join * Implement IRCv3.2 capabilities echo-message, cap-notify on the "client side" * Update capability names as they are named in IRCv3.2: znc.in/server-time-iso→server-time, znc.in/batch→batch. Old names will continue working for a while, then will be removed in some future version. * Make ZNC request server-time from server when available * Add "AuthOnlyViaModule" global/user setting * Stop defaulting real name to "Got ZNC?" * Add SNI SSL client support * Add support for CIDR notation in allowed hosts list and in trusted proxy list * Add network-specific config for cert validation in addition to user-supplied fingerprints: TrustAllCerts, defaults to false, and TrustPKI, defaults to true. * Add /attach command for symmetry with /detach. Unlike /join it allows wildcards. - Update to version 1.6.6: * Fix use-after-free in znc --makepem. It was broken for a long time, but started segfaulting only now. This is a useability fix, not a security fix, because self-signed (or signed by a CA) certificates can be created without using --makepem, and then combined into znc.pem. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00017.html E-Mail link for openSUSE-SU-2018:2228-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub for SUSE Linux Enterprise 12 SP2 znc-1.7.1-2.1 znc-devel-1.7.1-2.1 znc-lang-1.7.1-2.1 znc-perl-1.7.1-2.1 znc-python3-1.7.1-2.1 znc-tcl-1.7.1-2.1 znc-1.7.1-2.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 SP2 znc-devel-1.7.1-2.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 SP2 znc-lang-1.7.1-2.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 SP2 znc-perl-1.7.1-2.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 SP2 znc-python3-1.7.1-2.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 SP2 znc-tcl-1.7.1-2.1 as a component of SUSE Package Hub for SUSE Linux Enterprise 12 SP2 ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf. CVE-2018-14055 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:znc-1.7.1-2.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:znc-devel-1.7.1-2.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:znc-lang-1.7.1-2.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:znc-perl-1.7.1-2.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:znc-python3-1.7.1-2.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:znc-tcl-1.7.1-2.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00017.html https://www.suse.com/security/cve/CVE-2018-14055.html CVE-2018-14055 https://bugzilla.suse.com/1101281 SUSE Bug 1101281 ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories. CVE-2018-14056 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:znc-1.7.1-2.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:znc-devel-1.7.1-2.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:znc-lang-1.7.1-2.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:znc-perl-1.7.1-2.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:znc-python3-1.7.1-2.1 SUSE Package Hub for SUSE Linux Enterprise 12 SP2:znc-tcl-1.7.1-2.1 moderate Please Install the update. http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00017.html https://www.suse.com/security/cve/CVE-2018-14056.html CVE-2018-14056 https://bugzilla.suse.com/1101280 SUSE Bug 1101280