[ircd-ratbox] ircd-ratbox-3.0.8 released(urgent security update)

Pierre Breau pierre.breau at breautech.com
Mon Dec 31 17:25:57 EST 2012

Happy new year 2013 :).


Pierre Breau

-----Original Message-----
From: ircd-ratbox [mailto:ircd-ratbox-bounces at lists.ratbox.org] On Behalf Of
Jilles Tjoelker
Sent: Monday, December 31, 2012 6:21 PM
To: androsyn
Cc: ircd-ratbox at lists.ratbox.org
Subject: Re: [ircd-ratbox] ircd-ratbox-3.0.8 released(urgent security

On Mon, Dec 31, 2012 at 05:01:07PM -0500, androsyn wrote:
> Well this is an embarrassing release for certain, turns out there was 
> a nasty little bug in the CAPAB handling code that allows for a remote 
> attacker to crash the ircd.  With that said, all admins are urged to 
> upgrade to ircd-ratbox-3.0.8 immediately.  See the link below for 
> further details, the link mentions Charybdis but really this impacts 
> all ircd-ratbox derived ircds.

> http://www.ratbox.org/ASA-2012-12-31.txt

> If you happen to be running a vunerable server and for whatever reason 
> cannot upgrade immediately, a /quote modunload m_capab.so should 
> mitigate the effects of the bug.

If you do this, note that making a new server link will then either fail
entirely or create a link that will not work properly. Caveat emptor.

Jilles Tjoelker
ircd-ratbox mailing list
ircd-ratbox at lists.ratbox.org

More information about the ircd-ratbox mailing list