Overview

File _patchinfo of Package patchinfo.18473

<patchinfo incident="18473">
  <issue tracker="bnc" id="1227393">VUL-0: CVE-2024-39844: znc: arbitrary code embedded into the kick reason executed while kicking someone on a channel</issue>
  <issue tracker="cve" id="2024-39844"/>
  <packager>AndreasStieger</packager>
  <rating>critical</rating>
  <category>security</category>
  <summary>Security update for znc</summary>
  <description>This update for znc fixes the following issues:

Update to 1.9.1 (boo#1227393, CVE-2024-39844)

  * This is a security release to fix CVE-2024-39844: remote code
    execution vulnerability in modtcl.
    To mitigate this for existing installations, simply unload the
    modtcl module for every user, if it's loaded. Note that only
    users with admin rights can load modtcl at all.
  * Improve tooltips in webadmin.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places