drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in irssi
Name: |
Mehrere Probleme in irssi |
|
ID: |
USN-3184-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 12.04 LTS, Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 16.10 |
|
Datum: |
Mi, 1. Februar 2017, 22:45 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195 |
|
Applikationen: |
irssi |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============6502151434944737569== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="wEerR4WgePBPO7xpVuHLAwtbWwokghJL9"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --wEerR4WgePBPO7xpVuHLAwtbWwokghJL9 Content-Type: multipart/mixed; boundary="AhlQwjKj75bVglJpkJqCR3BdJN4FmWmeq" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: "ubuntu-security-announce@lists.ubuntu.com" <ubuntu-security-announce@lists.ubuntu.com> Message-ID: <d7eda192-e4a7-1315-68e4-05bb206da390@canonical.com> Subject: [USN-3184-1] Irssi vulnerabilities
--AhlQwjKj75bVglJpkJqCR3BdJN4FmWmeq Content-Type: text/plain; charset=utf- Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3184-1 February 01, 2017
irssi vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.10 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS - Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Irssi.
Software Description: - irssi: terminal based IRC client
Details:
It was discovered that the Irssi buf.pl script set incorrect permissions. A local attacker could use this issue to retrieve another user's window contents. (CVE-2016-7553)
Joseph Bisch discovered that Irssi incorrectly handled comparing nicks. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5193)
It was discovered that Irssi incorrectly handled invalid nick messages. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2017-5194)
Joseph Bisch discovered that Irssi incorrectly handled certain incomplete control codes. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5195)
Hanno Böck and Joseph Bisch discovered that Irssi incorrectly handled certain incomplete character sequences. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 16.10. (CVE-2017-5196)
Hanno Böck discovered that Irssi incorrectly handled certain format strings. A remote attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-5356)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.10: irssi 0.8.19-1ubuntu2.1
Ubuntu 16.04 LTS: irssi 0.8.19-1ubuntu1.3
Ubuntu 14.04 LTS: irssi 0.8.15-5ubuntu3.1
Ubuntu 12.04 LTS: irssi 0.8.15-4ubuntu3.1
After a standard system update you need to restart Irssi to make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-3184-1 CVE-2016-7553, CVE-2017-5193, CVE-2017-5194, CVE-2017-5195, CVE-2017-5196, CVE-2017-5356
Package Information: https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu2.1 https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu1.3 https://launchpad.net/ubuntu/+source/irssi/0.8.15-5ubuntu3.1 https://launchpad.net/ubuntu/+source/irssi/0.8.15-4ubuntu3.1
--AhlQwjKj75bVglJpkJqCR3BdJN4FmWmeq--
--wEerR4WgePBPO7xpVuHLAwtbWwokghJL9 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2
iQIcBAEBCgAGBQJYkjHoAAoJEGVp2FWnRL6TKVUQAJoyFL3A9mALug/PfjPBDXsM EM0J72FJ04sRkNMFQVSGaheuzbr7sErzrqC7IASeiAKLu9q9ovgEvYmFUM1yQlVq AKrXRWb9gVQqgAtU1jUD+2Go0fL2S9JZu9zaEdj40gcfwnkR+p01KV5+hmGCNqeI P6EXbtiSIi+0boAXUTZzdzB5FLbTI0+TY2Ow2smjUZIb12PKjJZlL4+de116V9xX 4LcfOnXK8bk24Z7IpzH5KuSA/+Xdir/AR1HHs5eqEXrI05vn/0VLOfvZqL4427RU u9EaUg5HwojaB1tLvl4LVCv50/pZrivwrPGa4TblKPcDRTg2lbp/LcZ+coUHuihk WIajoclCfYaClG6EZViPKaN+kerCefVV8X+cCdbBPumliMj7SsfKwFAPT6pBY7rg drLLvWQ3IWqlJcgiCMpOpt/HsLvEF93f0J+am/v4Wvw8R22+ArT6QFgZWc7/wwQb z2eu39KXGBGNZ+dN/+Egu+ZO8gtwWy+7B6bDB9zH1Dp08UCnqven702c85m4zBqb FSJqZsCRnRlN5lx5QgZUGuTFnPj9CEqGwVznMQqVnE2uxxaq+YeYz+DvruZrWOL4 /sskSAQ5qv+PD6TOZ4YEUyeFrsGI9unzAsXeebQKHgSzYQHRktsUxVWBqt66wLpf EuyoNXJhM20Bxg3KWvbc =/tQO -----END PGP SIGNATURE-----
--wEerR4WgePBPO7xpVuHLAwtbWwokghJL9--
--===============6502151434944737569== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline
-- ubuntu-security-announce mailing list ubuntu-security-announce@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce
--===============6502151434944737569==--
|
|
|
|