Candidate: CVE-2017-6384
PublicDate: 2017-03-02 06:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6384
Description:
 Memory leak in the login_user function in saslserv/main.c in
 saslserv/main.so in Atheme 7.2.7 allows a remote unauthenticated attacker
 to consume memory and cause a denial of service. This is fixed in 7.2.8.
Ubuntu-Description:
Notes:
 tyhicks> Per Debian, "versions prior to 7.2.7 not vulnerable"
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855588
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_atheme-services:
upstream_atheme-services: released (7.2.9-1)
precise_atheme-services: DNE
trusty_atheme-services: not-affected
trusty/esm_atheme-services: DNE (trusty was not-affected)
vivid/stable-phone-overlay_atheme-services: DNE
vivid/ubuntu-core_atheme-services: DNE
xenial_atheme-services: not-affected
yakkety_atheme-services: not-affected (7.2.6-1)
devel_atheme-services: not-affected (7.2.9-1)