Security update for quassel
This update for quassel fixes the following issues:
Security fixes (boo#1090495):
- CVE-2018-1000178: A heap metadata corruption in qdatastream could have been
exploited to launch an unauthenticated remote code execution
- CVE-2018-1000179: A remote attacker could have caused a Denial of Service attack
by initiating login attempts before the core got initialized
The following tracked packaging change is included:
- boo#1069468: no longer use /var/adm/fillup-templates
This update also includes various small bug fixes in the upstream 0.12.4 release.
- Submitted by Tomáš Chvátal (scarabeus_iv)
Fixed bugs
bnc#1090495
VUL-0: quassel: Corruption of heap metadata leading to preauth remote code execution and DOS
bnc#1069468
Packages should no longer use /var/adm/fillup-templates