drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in irssi
Name: |
Zwei Probleme in irssi |
|
ID: |
DSA-3885-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian sid, Debian jessie, Debian stretch |
|
Datum: |
So, 18. Juni 2017, 11:01 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9468 |
|
Applikationen: |
irssi |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3885-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 18, 2017 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : irssi CVE ID : CVE-2017-9468 CVE-2017-9469 Debian Bug : 864400
Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2017-9468
Joseph Bisch discovered that Irssi does not properly handle DCC messages without source nick/host. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.
CVE-2017-9469
Joseph Bisch discovered that Irssi does not properly handle receiving incorrectly quoted DCC files. A remote attacker can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.
For the oldstable distribution (jessie), these problems have been fixed in version 0.8.17-1+deb8u4.
For the stable distribution (stretch), these problems have been fixed in version 1.0.2-1+deb9u1.
For the unstable distribution (sid), these problems have been fixed in version 1.0.3-1.
We recommend that you upgrade your irssi packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAllGM+tfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0Rm2w/9GMVypsFaddIvAkbI+99U7HW4ktTmym8QxKCNasjPDh5QtM/HmMxTGat7 o2x9B93N8/JNebCRhDbYdjT8OodPhlLDfgUM1uwA0oUiVbpRnlgYQlg1wPm2JXJW Uiq9MMIJjVXQqKZiJCTy/Ux0ygWnWqmbdSUh7UslGexHmUB/uQd8Fth2MoYKNfi0 +VI2IwJjXdX6Z3CA0E8clegO0j/0Db4Bcvm+lvf2nwQ/5oDwAbdtFN4paHi1zfiE a0ksJM/VJh9l0mhAiGrt0FNQ59so+ME6Sha3f6/2GnIpIoDWrSCVceQBBoGJZlas PqP8KqSH/4wb9bDAfjWoHLOZwup6Sv2lYoAGSlhAuKzgXWJFj8iOgo7Blsn8Drrc k3y/st68qSZwzNOYPOB3VKY3YbvLfkZWg2XaD3t4F/+0errgszsWKVyIjBWkW2Cj s3ICBUp8eiYAb2Aud0uAIRcPcy/x/O7JkgYCzeaXsHzxD6sPKoW/4OWGlrryyI/e fKAVteoa+K1nk3tBc1Jaj4lxHSh01tUsCQc5csEtDQiPT/gwTsW3sQaipOSoEFTH VjI/9GNAGcarAZ8rhpOtgXbk5pl9na7/OL7Ne4RCQsEDoqBSluzJ/ggGK+8RmWOX rda2/2ZMwk+ic5UBb6DQh+fw4ZOl5iIYfTTyzNvBtxl/AM0Nfu4= =Bd44 -----END PGP SIGNATURE-----
|
|
|
|