You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa irssi

Sigurnosni nedostaci programskog paketa irssi

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-3885-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 18, 2017 https://www.debian.org/security/faq
– ————————————————————————-

Package : irssi
CVE ID : CVE-2017-9468 CVE-2017-9469
Debian Bug : 864400

Multiple vulnerabilities have been discovered in Irssi, a terminal based
IRC client. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2017-9468

Joseph Bisch discovered that Irssi does not properly handle DCC
messages without source nick/host. A malicious IRC server can take
advantage of this flaw to cause Irssi to crash, resulting in a
denial of service.

CVE-2017-9469

Joseph Bisch discovered that Irssi does not properly handle
receiving incorrectly quoted DCC files. A remote attacker can take
advantage of this flaw to cause Irssi to crash, resulting in a
denial of service.

For the oldstable distribution (jessie), these problems have been fixed
in version 0.8.17-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in
version 1.0.2-1+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.3-1.

We recommend that you upgrade your irssi packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllGM+tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Rm2w/9GMVypsFaddIvAkbI+99U7HW4ktTmym8QxKCNasjPDh5QtM/HmMxTGat7
o2x9B93N8/JNebCRhDbYdjT8OodPhlLDfgUM1uwA0oUiVbpRnlgYQlg1wPm2JXJW
Uiq9MMIJjVXQqKZiJCTy/Ux0ygWnWqmbdSUh7UslGexHmUB/uQd8Fth2MoYKNfi0
+VI2IwJjXdX6Z3CA0E8clegO0j/0Db4Bcvm+lvf2nwQ/5oDwAbdtFN4paHi1zfiE
a0ksJM/VJh9l0mhAiGrt0FNQ59so+ME6Sha3f6/2GnIpIoDWrSCVceQBBoGJZlas
PqP8KqSH/4wb9bDAfjWoHLOZwup6Sv2lYoAGSlhAuKzgXWJFj8iOgo7Blsn8Drrc
k3y/st68qSZwzNOYPOB3VKY3YbvLfkZWg2XaD3t4F/+0errgszsWKVyIjBWkW2Cj
s3ICBUp8eiYAb2Aud0uAIRcPcy/x/O7JkgYCzeaXsHzxD6sPKoW/4OWGlrryyI/e
fKAVteoa+K1nk3tBc1Jaj4lxHSh01tUsCQc5csEtDQiPT/gwTsW3sQaipOSoEFTH
VjI/9GNAGcarAZ8rhpOtgXbk5pl9na7/OL7Ne4RCQsEDoqBSluzJ/ggGK+8RmWOX
rda2/2ZMwk+ic5UBb6DQh+fw4ZOl5iIYfTTyzNvBtxl/AM0Nfu4=
=Bd44
—–END PGP SIGNATURE—–

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa gnutls28

Otkriven je sigurnosni nedostatak u programskom paketu gnutls28 za operacijski sustav Debian. Otkriveni nedostatak potencijalnim napadačima omogućuje rušenje servisa. Savjetuje...

Close