Mageia Bugzilla – Bug 11723
bip new security issue CVE-2013-4550
Last modified: 2014-01-02 23:42:35 CET
Fedora has issued an advisory on November 11:
The issue was fixed upstream in 0.8.9, and Red Hat has linked the upstream patch.
Patched packages uploaded for Mageia 2, Mageia 3, and Cauldron.
Updated bip package fixes security vulnerability:
bip 0.8.8 and earlier contains an issue where failed SSL handshakes result in a
resource leak. A remote attacker can use this flaw to cause bip to run out of
resources, resulting in a denial of service (CVE-2013-4550).
Updated packages in core/updates_testing:
Steps to Reproduce:
Created attachment 4516
This is the bip.conf I'm using to test with. The login/password is mrsb/password on port 7778 and it'll join #mageia-qa as MrsBip2 so you might want to change those settings :)
When connecting to bip, for the server itself use the computer running bip and port 7778, then for the server password enter it as user:password:network
In the attached conf mine would be mrsb:password:freenode
Testing complete mga3 64
Testing complete mga2 64 and mga3 32
Testing complete mga2 32
Could sysadmin please push from 2 & 3 core/updates_testing to updates?
A second CVE was issued for another issue that was fixed with the same patch that fixed this issue. CVE-2011-5268 was also fixed here: