Upstream information

CVE-2024-39844 at MITRE

Description

In ZNC before 1.9.1, remote code execution can occur in modtcl via a KICK.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

SUSE Bugzilla entry: 1227393 [IN_PROGRESS]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Package Hub 15 SP6
  • znc >= 1.9.1-bp156.2.3.1
  • znc-devel >= 1.9.1-bp156.2.3.1
  • znc-lang >= 1.9.1-bp156.2.3.1
  • znc-perl >= 1.9.1-bp156.2.3.1
  • znc-python3 >= 1.9.1-bp156.2.3.1
  • znc-tcl >= 1.9.1-bp156.2.3.1
 Patchnames:
openSUSE-2024-203
openSUSE Leap 15.6
  • znc >= 1.9.1-bp156.2.3.1
  • znc-devel >= 1.9.1-bp156.2.3.1
  • znc-lang >= 1.9.1-bp156.2.3.1
  • znc-perl >= 1.9.1-bp156.2.3.1
  • znc-python3 >= 1.9.1-bp156.2.3.1
  • znc-tcl >= 1.9.1-bp156.2.3.1
 Patchnames:
openSUSE-2024-203
openSUSE Tumbleweed
  • znc >= 1.9.1-1.1
  • znc-devel >= 1.9.1-1.1
  • znc-lang >= 1.9.1-1.1
  • znc-perl >= 1.9.1-1.1
  • znc-python3 >= 1.9.1-1.1
  • znc-tcl >= 1.9.1-1.1
 Patchnames:
openSUSE-Tumbleweed-2024-14115

SUSE Timeline for this CVE

CVE page created: Wed Jul 3 20:00:13 2024
CVE page last modified: Sun Nov 2 00:21:42 2025