UnrealIRCd 5.0.9.1 released and update on OpenSSL crashbug

Posted: Fri Mar 26, 2021 7:55 am
by Syzop
Hi everyone,

UnrealIRCd 5.0.9.1 released: build improvements on *NIX
I've released UnrealIRCd 5.0.9.1 for *NIX. If you are already running 5.0.9 then there is absolutely NO reason to upgrade to this version. It ONLY improves the ./Config and ./configure scripts.
It fixes a problem where UnrealIRCd did not build on systems with low memory and no swap (even though that is kinda the sysadmin's fault). And it also reduces the compile time by 2-5 minutes when the shipped c-ares library is used, e.g. if there is no system c-ares library available.

It is confirmed, OpenSSL crashbug also crashes UnrealIRCd on *NIX
A proof of concept exploit for the OpenSSL CVE-2021-3449 crash bug was released today. I've confirmed that it crashes UnrealIRCd if you have not updated to OpenSSL 1.1.1k. See the previous announcement for more information on that. Again, this is not a bug in UnrealIRCd itself but in OpenSSL; this is FYI only.

Windows build is unaffected by OpenSSL crashbug
Our Windows build of UnrealIRCd 5.0.9 uses LibreSSL. The proof of concept exploit is unable to crash it. The Windows version will thus stay at 5.0.9, since there is no LibreSSL upgrade and the 5.0.9.1 changes only affect compiling on *NIX.

As always you can download UnrealIRCd from https://www.unrealircd.org/