A CVE was assigned for a denial of service issue fixed upstream: http://openwall.com/lists/oss-security/2015/12/13/1 Patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated quassel packages fix security vulnerability: The Quassel core could be crashed by a client using the op command, causing a denial of service (CVE-2015-8547). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8547 http://openwall.com/lists/oss-security/2015/12/13/1 ======================== Updated packages in core/updates_testing: ======================== quassel-0.10.1-5.1.mga5 quassel-common-0.10.1-5.1.mga5 quassel-client-0.10.1-5.1.mga5 quassel-core-0.10.1-5.1.mga5 from quassel-0.10.1-5.1.mga5.src.rpm Reproducible: Steps to Reproduce:
Testing complete mga5 32 Confirmed the crash. Started quasselcore in one terminal and quasselclient in a 2nd. Completed the setup wizard. Created a channel "/join #mrsbtest" and used "/op *" which crashed the core. Confirmed OK after update.
Whiteboard: (none) => has_procedure mga5-32-ok
Whiteboard: has_procedure mga5-32-ok => has_procedure mga5-32-ok advisory
Validating. Please push to 5 updates Thanks
Keywords: (none) => validated_updateCC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0475.html
Status: NEW => RESOLVEDResolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/668336/