Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 3885-1] irssi security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 3885-1] irssi security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Salvatore Bonaccorso <carnil AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 3885-1] irssi security update
  • Date: Sun, 18 Jun 2017 08:04:36 +0000
  • List-archive: https://lists.debian.org/msgid-search/E1dMVCG-00056L-1i AT master.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-return-path: <carnil AT master.debian.org>
  • Priority: urgent
  • Resent-date: Sun, 18 Jun 2017 08:04:56 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <0rJW7186kIK.A.NID.oQjRZB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3885-1 security AT debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 18, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : irssi
CVE ID : CVE-2017-9468 CVE-2017-9469
Debian Bug : 864400

Multiple vulnerabilities have been discovered in Irssi, a terminal based
IRC client. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2017-9468

Joseph Bisch discovered that Irssi does not properly handle DCC
messages without source nick/host. A malicious IRC server can take
advantage of this flaw to cause Irssi to crash, resulting in a
denial of service.

CVE-2017-9469

Joseph Bisch discovered that Irssi does not properly handle
receiving incorrectly quoted DCC files. A remote attacker can take
advantage of this flaw to cause Irssi to crash, resulting in a
denial of service.

For the oldstable distribution (jessie), these problems have been fixed
in version 0.8.17-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in
version 1.0.2-1+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.3-1.

We recommend that you upgrade your irssi packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllGM+tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Rm2w/9GMVypsFaddIvAkbI+99U7HW4ktTmym8QxKCNasjPDh5QtM/HmMxTGat7
o2x9B93N8/JNebCRhDbYdjT8OodPhlLDfgUM1uwA0oUiVbpRnlgYQlg1wPm2JXJW
Uiq9MMIJjVXQqKZiJCTy/Ux0ygWnWqmbdSUh7UslGexHmUB/uQd8Fth2MoYKNfi0
+VI2IwJjXdX6Z3CA0E8clegO0j/0Db4Bcvm+lvf2nwQ/5oDwAbdtFN4paHi1zfiE
a0ksJM/VJh9l0mhAiGrt0FNQ59so+ME6Sha3f6/2GnIpIoDWrSCVceQBBoGJZlas
PqP8KqSH/4wb9bDAfjWoHLOZwup6Sv2lYoAGSlhAuKzgXWJFj8iOgo7Blsn8Drrc
k3y/st68qSZwzNOYPOB3VKY3YbvLfkZWg2XaD3t4F/+0errgszsWKVyIjBWkW2Cj
s3ICBUp8eiYAb2Aud0uAIRcPcy/x/O7JkgYCzeaXsHzxD6sPKoW/4OWGlrryyI/e
fKAVteoa+K1nk3tBc1Jaj4lxHSh01tUsCQc5csEtDQiPT/gwTsW3sQaipOSoEFTH
VjI/9GNAGcarAZ8rhpOtgXbk5pl9na7/OL7Ne4RCQsEDoqBSluzJ/ggGK+8RmWOX
rda2/2ZMwk+ic5UBb6DQh+fw4ZOl5iIYfTTyzNvBtxl/AM0Nfu4=
=Bd44
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 3885-1] irssi security update, Salvatore Bonaccorso, 18.06.2017

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang