You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa irssi

Sigurnosni nedostaci programskog paketa irssi

by ncert - 0

==========================================================================
Ubuntu Security Notice USN-3527-1
January 10, 2018

irssi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Irssi.

Software Description:
– irssi: terminal based IRC client

Details:

Joseph Bisch discovered that Irssi incorrectly handled incomplete escape
codes. If a user were tricked into using malformed commands or opening
malformed files, an attacker could use this issue to cause Irssi to crash,
resulting in a denial of service. (CVE-2018-5205)

Joseph Bisch discovered that Irssi incorrectly handled settings the channel
topic without specifying a sender. A malicious IRC server could use this
issue to cause Irssi to crash, resulting in a denial of service.
(CVE-2018-5206)

Joseph Bisch discovered that Irssi incorrectly handled incomplete variable
arguments. If a user were tricked into using malformed commands or opening
malformed files, an attacker could use this issue to cause Irssi to crash,
resulting in a denial of service. (CVE-2018-5207)

Joseph Bisch discovered that Irssi incorrectly handled completing certain
strings. An attacker could use this issue to cause Irssi to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2018-5208)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
irssi 1.0.4-1ubuntu2.2

Ubuntu 17.04:
irssi 0.8.20-2ubuntu2.3

Ubuntu 16.04 LTS:
irssi 0.8.19-1ubuntu1.6

Ubuntu 14.04 LTS:
irssi 0.8.15-5ubuntu3.4

After a standard system update you need to restart Irssi to make all the
necessary changes.

References:
https://www.ubuntu.com/usn/usn-3527-1
CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208

Package Information:
https://launchpad.net/ubuntu/+source/irssi/1.0.4-1ubuntu2.2
https://launchpad.net/ubuntu/+source/irssi/0.8.20-2ubuntu2.3
https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu1.6
https://launchpad.net/ubuntu/+source/irssi/0.8.15-5ubuntu3.4

—–BEGIN PGP SIGNATURE—–

iQIcBAEBCgAGBQJaVh3RAAoJEGVp2FWnRL6TV4cP/15N4POynO8fRF7Z+MTmmZTS
tDyb6bRLtBrYQExOTPtu146tfbJiWwjTuzGvsAs2vlczurM1eyGv9oNBdwAJP64L
6/V5QeM1Aux1LMKpYzVtERhV6ymxCg+dIA4f6hHO/6nzg9GW7WHGZL3SMRp3UJmg
6GGG749u/nTqo8CS2F33ugeJU8TfrFglu/dQhAgg85yP/jtYgC8dL49RiBWr5Hsi
KIeviBH4BUGTqv56jcr3t2d/7cy51Js1Bqm+0JaQkvDmH4J2g5DXSEQG77FVIFEm
8nOUcbQ2uy49t1+iii2mNDORKZexwkX6sjXUc+o/ML38RQmyYyh2/kWCPkwX3KYz
mgUEDmlTpNl/x1yxxH6IiaZ9Fu3wCI6G0wKvZ1jsUm7gFuQOT3G+vjcUWuea+tD3
NdRU6xqWNx6me/7I1eo+VbTVC7Zb8wmIRskf608gavPlP26FcDOYhDQKPIj3Z/ZZ
6Rm3+F4381DK3d/kSkgbcNj6yv+TaIBS1qTncZfoa6jHOiXA/rOjvgAbIUejgEhX
/io9hWhjqYsOngs0t/CE00SGt05TdpPLDhKN8W3sQ09krv0uKWzTsOb4IRFIfWMG
DMY4UPnH/ZOVgNasIMa/BRHgQ4TfsSk33aSvDUuYWXmhOLpPLq7lDbcRdTj/QTvk
Bo88wxRamhk63esVQkha
=iiLG
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Nadogradnja za Adobe Flash Player

Adobe je izdao nadogradnju za otklanjanje ranjivosti programskog paketa Adobe Flash Player. Otkrivena ranjivost posljedica je čitanja podataka izvan granica...

Close