Login
Login-Name Passwort


 
Newsletter
Werbung

Sicherheit: Zwei Probleme in irssi
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in irssi
ID: DSA-3885-1
Distribution: Debian
Plattformen: Debian sid, Debian jessie, Debian stretch
Datum: So, 18. Juni 2017, 11:01
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9468

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3885-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
June 18, 2017 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : irssi
CVE ID : CVE-2017-9468 CVE-2017-9469
Debian Bug : 864400

Multiple vulnerabilities have been discovered in Irssi, a terminal based
IRC client. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2017-9468

Joseph Bisch discovered that Irssi does not properly handle DCC
messages without source nick/host. A malicious IRC server can take
advantage of this flaw to cause Irssi to crash, resulting in a
denial of service.

CVE-2017-9469

Joseph Bisch discovered that Irssi does not properly handle
receiving incorrectly quoted DCC files. A remote attacker can take
advantage of this flaw to cause Irssi to crash, resulting in a
denial of service.

For the oldstable distribution (jessie), these problems have been fixed
in version 0.8.17-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in
version 1.0.2-1+deb9u1.

For the unstable distribution (sid), these problems have been fixed in
version 1.0.3-1.

We recommend that you upgrade your irssi packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllGM+tfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0Rm2w/9GMVypsFaddIvAkbI+99U7HW4ktTmym8QxKCNasjPDh5QtM/HmMxTGat7
o2x9B93N8/JNebCRhDbYdjT8OodPhlLDfgUM1uwA0oUiVbpRnlgYQlg1wPm2JXJW
Uiq9MMIJjVXQqKZiJCTy/Ux0ygWnWqmbdSUh7UslGexHmUB/uQd8Fth2MoYKNfi0
+VI2IwJjXdX6Z3CA0E8clegO0j/0Db4Bcvm+lvf2nwQ/5oDwAbdtFN4paHi1zfiE
a0ksJM/VJh9l0mhAiGrt0FNQ59so+ME6Sha3f6/2GnIpIoDWrSCVceQBBoGJZlas
PqP8KqSH/4wb9bDAfjWoHLOZwup6Sv2lYoAGSlhAuKzgXWJFj8iOgo7Blsn8Drrc
k3y/st68qSZwzNOYPOB3VKY3YbvLfkZWg2XaD3t4F/+0errgszsWKVyIjBWkW2Cj
s3ICBUp8eiYAb2Aud0uAIRcPcy/x/O7JkgYCzeaXsHzxD6sPKoW/4OWGlrryyI/e
fKAVteoa+K1nk3tBc1Jaj4lxHSh01tUsCQc5csEtDQiPT/gwTsW3sQaipOSoEFTH
VjI/9GNAGcarAZ8rhpOtgXbk5pl9na7/OL7Ne4RCQsEDoqBSluzJ/ggGK+8RmWOX
rda2/2ZMwk+ic5UBb6DQh+fw4ZOl5iIYfTTyzNvBtxl/AM0Nfu4=
=Bd44
-----END PGP SIGNATURE-----
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung