| Bug ID | 1001215 |
|---|---|
| Summary | VUL-1: CVE-2016-7553 irssi: Information disclosure in buf.pl |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.1 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Minor |
| Priority | P5 - None |
| Component | Security |
| Assignee | mrueckert@suse.com |
| Reporter | abergmann@suse.com |
| QA Contact | qa-bugs@suse.de |
| Found By | Security Response Team |
| Blocker | --- |
rh#1379270 An information disclosure vulnerability was found in the buf.pl core script for irssi. Other users on the same machine may be able to retrieve the whole window contents after /UPGRADE when the buf.pl script is loaded. Furthermore, this dump of the windows contents is never removed afterwards. External References: https://irssi.org/2016/09/22/buf.pl-update/ Upstream fix: https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a References: https://bugzilla.redhat.com/show_bug.cgi?id=1379270 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7553 http://seclists.org/oss-sec/2016/q3/605 http://seclists.org/oss-sec/2016/q3/612