Security Information / 2016 / Security Information -- DSA-3586-1 atheme-services

Debian Security Advisory

DSA-3586-1 atheme-services -- security update

Date Reported:

23 May 2016

Affected Packages:

atheme-services

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-4478.

More information:

It was discovered that a buffer overflow in the XMLRPC response encoding code of the Atheme IRC services may result in denial of service.

For the stable distribution (jessie), this problem has been fixed in version 6.0.11-2+deb8u1.

For the testing distribution (stretch), this problem has been fixed in version 7.0.7-2.

For the unstable distribution (sid), this problem has been fixed in version 7.0.7-2.

We recommend that you upgrade your atheme-services packages.