[ngIRCd-ML] ngIRCd 20.3

Alexander Barton alex at barton.de
Fri Aug 23 22:59:37 CEST 2013


A severe bug in ngIRCd 18 up to and including 20.2 has been discovered which
will crash the daemon (denial of service) and can happen when the daemon fails
to send the optional "notice auth" message to new clients connecting to the
server (CVE-2013-5580).

So here it is, our next release: ngIRCd 20.3.

Please note that only setups having the configuration option "NoticeAuth"
enabled are affected, which is not the default.

The only change in ngIRCd 20.3 is the fix for the above bug, all installations
should upgrade.

But please stay tuned, ngIRCd 21 including new features like SSL fingerprints,
and include directory for configuration files, better systemd(8) support etc.
is the the works, too, and I hope that we can soon release a beta version for
testing. I'll keep you informed!

Changes in ngIRCd 20.3:

 • Security: Fix a denial of service bug (server crash) which could happen
   when the configuration option "NoticeAuth" is enabled (which is NOT the
   default) and ngIRCd failed to send the "notice auth" messages to new
   clients connecting to the server (CVE-2013-5580).

More information can be found on the homepage <http://ngircd.barton.de/>
and its mirror <http://ngircd.berlios.de/>.

The primary download locations are:

 • <ftp://ftp.berlios.de/pub/ngircd/>
 • <http://ngircd.barton.de/pub/ngircd/>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://arthur.barton.de/pipermail/ngircd-ml/attachments/20130823/e9e5de89/attachment.pgp>

More information about the ngIRCd-ML mailing list