Debian Security Advisory
DSA-1982-1 hybserv -- denial of service
- Date Reported:
- 29 Jan 2010
- Affected Packages:
- hybserv
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 550389.
In Mitre's CVE dictionary: CVE-2010-0303. - More information:
-
Julien Cristau discovered that hybserv, a daemon running IRC services for IRCD-Hybrid, is prone to a denial of service attack via the commands option.
For the stable distribution (lenny), this problem has been fixed in version 1.9.2-4+lenny2.
Due to a bug in the archive system, it is not possible to release the fix for the oldstable distribution (etch) simultaneously. Therefore, etch will be fixed in version 1.9.2-4+etch1 as soon as it becomes available.
For the testing distribution (squeeze), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 1.9.2-4.1.
We recommend that you upgrade your hybserv packages.
- Fixed in:
-
Debian GNU/Linux 5.0 (lenny)
- Source:
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2.orig.tar.gz
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.dsc
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.diff.gz
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2.dsc
- Alpha:
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_alpha.deb
- AMD64:
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_amd64.deb
- ARM:
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_arm.deb
- HP Precision:
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_hppa.deb
- Intel IA-32:
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_i386.deb
- Intel IA-64:
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_ia64.deb
- Little-endian MIPS:
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_mipsel.deb
- PowerPC:
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_powerpc.deb
- IBM S/390:
- http://security.debian.org/pool/updates/main/h/hybserv/hybserv_1.9.2-4+lenny2_s390.deb
MD5 checksums of the listed files are available in the original advisory.