Fedora 12 : ircd-hybrid-7.2.3-11.fc12 / ircd-ratbox-2.2.8-7.fc12 (2010-9312)
Medium Nessus Plugin ID 47529
Synopsis
The remote Fedora host is missing one or more security updates.
Description
Two vulnerabilities were reported in ircd-hybrid, ircd-ratbox, and oftc-hybrid. The first is an integer overflow that can lead to a denial of service or, possibly, the execution of arbitrary code on the ircd server (CVE-2009-4016 (patch)); the second is a NULL pointer dereference that can lead to a denial of service of the ircd server (CVE-2010-0300 (patch)). This has been corrected in upstream ircd-ratbox 2.2.9. CVE-2010-0300 may be ircd-ratbox specific; however, CVE-2009-4016 affects both ircd servers.

http://ircd.ratbox.org/cgi-bin/index.cgi/ircd-ratbox/branches/RATBOX_3_0/src/cache.c?r1=26334&r2=26732
http://trac.oftc.net/projects/oftc-hybrid/changeset/1062
http://lists.ratbox.org/pipermail/ircd-ratbox/2010-January/000891.html
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
Solution
Update the affected ircd-hybrid and / or ircd-ratbox packages.