Debian Security Advisory

DSA-1982-1 hybserv -- denial of service

Date Reported:
29 Jan 2010
Affected Packages:
hybserv
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 550389.
In Mitre's CVE dictionary: CVE-2010-0303.
More information:

Julien Cristau discovered that hybserv, a daemon running IRC services for IRCD-Hybrid, is prone to a denial of service attack via the commands option.

For the stable distribution (lenny), this problem has been fixed in version 1.9.2-4+lenny2.

Due to a bug in the archive system, it is not possible to release the fix for the oldstable distribution (etch) simultaneously. Therefore, etch will be fixed in version 1.9.2-4+etch1 as soon as it becomes available.

For the testing distribution (squeeze), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 1.9.2-4.1.

We recommend that you upgrade your hybserv packages.

Fixed in:

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2.orig.tar.gz
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.dsc
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.diff.gz
Alpha:
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_alpha.deb
AMD64:
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_amd64.deb
ARM:
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_arm.deb
HP Precision:
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_hppa.deb
Intel IA-32:
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_i386.deb
Intel IA-64:
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_ia64.deb
Little-endian MIPS:
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_mipsel.deb
PowerPC:
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_powerpc.deb
IBM S/390:
http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_s390.deb

MD5 checksums of the listed files are available in the original advisory.