UnrealIRCd and CVE-2016-0701

News about the UnrealIRCd project, including release announcements
Post Reply
Syzop
UnrealIRCd head coder
Posts: 1813
Joined: Sat Mar 06, 2004 8:57 pm
Location: .nl
Contact:

UnrealIRCd and CVE-2016-0701

Post by Syzop » Fri Jan 29, 2016 5:44 pm

Just in case anyone wonders if this OpenSSL CVE-2016-0701 security issue (which has severity "High") affects us:
  • UnrealIRCd 3.2.x is not vulnerable because it doesn't support this functionality.
  • UnrealIRCd 4 is not vulnerable because we use SSL_OP_SINGLE_DH_USE for safety
So no, it doesn't affect us and thus no need for a new UnrealIRCd release.

Post Reply