On Fri, Aug 23, 2013 at 10:59:37PM +0200, Alexander Barton wrote:
A severe bug in ngIRCd 18 up to and including 20.2 has been discovered which will crash the daemon (denial of service) and can happen when the daemon fails to send the optional "notice auth" message to new clients connecting to the server (CVE-2013-5580).
And if you can't or don't want to upgrade to ngIRCd 20.3 immediately, you can disable "NoticeAuth" in your ngircd.conf file and "rehash" the daemon on runtime, either by "killall -HUP ngircd" (or equivalent) or by using the IRC "REHASH" command as IRC Operator.
No restart required.
And to make it clear: all (default) installations that don't have "NoticeAuth" enabled don't have to upgrade immediately: they are NOT affected at all ...
Regards Alex