This bug was fixed in the package znc - 1.6.3-1ubuntu0.1
---------------
znc (1.6.3-1ubuntu0.1) xenial-security; urgency=medium
* SECURITY UPDATE: Privilege escalation for non-admin users (LP: #1781925)
- debian/patches/CVE-2018-14055-1.patch: Remove newlines from incoming
network configuration change directives. Based on upstream patch.
- debian/patches/CVE-2018-14055-2.patch: Remove extra newlines when
writing out configuration file. Based on upstream patch.
- CVE-2018-14055
* SECURITY UPDATE: Path traversal flaw allows access to files outside of
skins (LP: #1781925)
- debian/patches/CVE-2018-14056.patch: Replace path traversal components
in skin names to ensure path traversal is not possible. Based on
upstream patch.
- CVE-2018-14056
-- Alex Murray <alex.mur...@canonical.com> Wed, 25 Jul 2018 16:08:05
+0930
** Changed in: znc (Ubuntu Xenial)
Status: In Progress => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1781925
Title:
Vulnerabilities in znc package CVE-2018-14055 CVE-2018-14056
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/znc/+bug/1781925/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
