Charybdis, ShadowIRCd: Denial of service — GLSA 201405-21

A vulnerability has been found in Charybdis and ShadowIRCd, possibly resulting in remote Denial of Service.

Affected packages

net-irc/charybdis on all architectures
Affected versions < 3.4.2
Unaffected versions >= 3.4.2
net-irc/shadowircd on all architectures
Affected versions < 6.3.3
Unaffected versions >= 6.3.3

Background

Charybdis is the Atheme Project’s IRC daemon based on ratbox. ShadowIRCd is an IRC daemon based on Charybdis that adds several useful features.

Description

A vulnerability has been discovered in Charybdis and ShadowIRCd. Please review the CVE identifier referenced below for details.

Impact

A remote attacker may be able to cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Charybdis users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/charybdis-3.4.2"
 

All ShadowIRCd users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=net-irc/shadowircd-6.3.3"
 

References

Release date
May 18, 2014

Latest revision
May 18, 2014: 1

Severity
normal

Exploitable
remote

Bugzilla entries