openSUSE-SU-2017:2835-1: moderate: Security update for irssi
openSUSE Security Update: Security update for irssi
______________________________________________________________________________

Announcement ID: openSUSE-SU-2017:2835-1
Rating: moderate
References: #1064540
Cross-References: CVE-2017-15227 CVE-2017-15228 CVE-2017-15721
CVE-2017-15722 CVE-2017-15723
Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update brings irssi to version 1.0.5 and addresses the following
security issues:


* CVE-2017-15228: When installing themes with unterminated colour
formatting sequences, Irssi may access data beyond the end of the
string. This issue could have resulted in denial of service (remote
crash) when installing a malicious or broken theme file.
* CVE-2017-15227: While waiting for the channel synchronisation, Irssi may
incorrectly fail to remove destroyed channels from the query list,
resulting in use after free conditions when updating the state later on.
This issue could have caused denial of service (remote crash) when
connecting to a malicious or broken ircd.
* CVE-2017-15721: Certain incorrectly formatted DCC CTCP messages could
cause NULL pointer dereference. This issue could have caused denial of
service (remote crash) when connecting to a malicious or broken ircd.
* CVE-2017-15723: Overlong nicks or targets may result in a NULL pointer
dereference while splitting the message. This issue could have caused
denial of service (remote crash) when connecting to a malicious or
broken ircd.
* CVE-2017-15722: In certain cases Irssi may fail to verify that a Safe
channel ID is long enough, causing reads beyond the end of the string.


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2017-1189=1

To bring your system up-to-date, use "zypper patch".


Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (aarch64 ppc64le s390x
x86_64):

irssi-1.0.5-32.1
irssi-debuginfo-1.0.5-32.1
irssi-debugsource-1.0.5-32.1
irssi-devel-1.0.5-32.1


References:

https://www.suse.com/security/cve/CVE-2017-15227.html
https://www.suse.com/security/cve/CVE-2017-15228.html
https://www.suse.com/security/cve/CVE-2017-15721.html
https://www.suse.com/security/cve/CVE-2017-15722.html
https://www.suse.com/security/cve/CVE-2017-15723.html
https://bugzilla.suse.com/1064540
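
Added example, not part of the advisory and not irssi's code: a C sketch of the bug class described for CVE-2017-15722, showing an unchecked skip over a Safe channel ID beside a length-checked one. It assumes the RFC 2811 layout of a safe channel name ('!' followed by a 5-character ID, then the short name); the function names and sample inputs are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SAFE_CHANNEL_ID_LEN 5   /* assumption: RFC 2811, '!' + 5-char ID + short name */

/* Unchecked pattern: assumes the ID is always present. For an input such
 * as "!AB" the result points past the terminating NUL, so any later read
 * through it is beyond the end of the string. */
const char *short_name_unchecked(const char *channel)
{
    return channel + 1 + SAFE_CHANNEL_ID_LEN;
}

/* Checked form: returns the short name (possibly empty), or NULL when the
 * input is not a safe channel or its ID is shorter than required. */
const char *short_name_checked(const char *channel)
{
    size_t i;

    if (channel == NULL || channel[0] != '!')
        return NULL;
    /* Walk the ID byte by byte so that a NUL stops us before we pass it. */
    for (i = 1; i <= SAFE_CHANNEL_ID_LEN; i++) {
        if (channel[i] == '\0')
            return NULL;        /* ID too short: reject instead of skipping */
    }
    return channel + 1 + SAFE_CHANNEL_ID_LEN;
}

int main(void)
{
    /* Constructed sample inputs: valid, truncated ID, not a safe channel. */
    const char *inputs[] = { "!ABCDEchat", "!AB", "#chat" };
    size_t i;

    for (i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        const char *s = short_name_checked(inputs[i]);
        printf("%-12s -> %s\n", inputs[i], s ? s : "(rejected)");
    }
    return 0;
}
```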

