![](https://seccdn.libravatar.org/avatar/099a17325bdf082b643d1a6bbacde279.jpg?s=120&d=mm&r=g)
openSUSE Security Update: Security update for irssi ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:0094-1 Rating: moderate References: #1018357 Cross-References: CVE-2017-5193 CVE-2017-5194 CVE-2017-5195 CVE-2017-5196 Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: irssi was updated to fix four vulnerabilities that could result in denial of service (remote crash) when connecting to malicious servers or receiving specially crafted data. (boo#1018357) - CVE-2017-5193: NULL pointer dereference in the nickcmp function - CVE-2017-5194: out of bounds read in certain incomplete control codes - CVE-2017-5195: out of bounds read in certain incomplete character sequences - CVE-2017-5196: Correct an error when receiving invalid nick message Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2017-67=1 To bring your system up-to-date, use "zypper patch". Package List: - SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x x86_64): irssi-0.8.21-12.1 irssi-debuginfo-0.8.21-12.1 irssi-debugsource-0.8.21-12.1 irssi-devel-0.8.21-12.1 References: https://www.suse.com/security/cve/CVE-2017-5193.html https://www.suse.com/security/cve/CVE-2017-5194.html https://www.suse.com/security/cve/CVE-2017-5195.html https://www.suse.com/security/cve/CVE-2017-5196.html https://bugzilla.suse.com/1018357