drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in irssi
Name: |
Mehrere Probleme in irssi |
|
ID: |
USN-3527-1 |
|
Distribution: |
Ubuntu |
|
Plattformen: |
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 17.04, Ubuntu 17.10 |
|
Datum: |
Mi, 10. Januar 2018, 16:35 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205 |
|
Applikationen: |
irssi |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --===============1288774231474993879== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Mp0mutptiG3bVXBjhAFOQm4W5Bdc3aPbI"
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Mp0mutptiG3bVXBjhAFOQm4W5Bdc3aPbI Content-Type: multipart/mixed; boundary="OoQ4efWgQ57bQ0kOkcEe6MNNLLoEnvjjK"; protected-headers="v1" From: Marc Deslauriers <marc.deslauriers@canonical.com> Reply-To: Ubuntu Security <security@ubuntu.com> To: ubuntu-security-announce@lists.ubuntu.com Message-ID: <7e6da181-a963-2014-097c-2fc6d6a45b7d@canonical.com> Subject: [USN-3527-1] Irssi vulnerabilities
--OoQ4efWgQ57bQ0kOkcEe6MNNLLoEnvjjK Content-Type: text/plain; charset=utf-8 Content-Language: en-C Content-Transfer-Encoding: quoted-printable
========================================================================== Ubuntu Security Notice USN-3527-1 January 10, 2018
irssi vulnerabilities ==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10 - Ubuntu 17.04 - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Irssi.
Software Description: - irssi: terminal based IRC client
Details:
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2018-5205)
Joseph Bisch discovered that Irssi incorrectly handled settings the channel topic without specifying a sender. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2018-5206)
Joseph Bisch discovered that Irssi incorrectly handled incomplete variable arguments. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2018-5207)
Joseph Bisch discovered that Irssi incorrectly handled completing certain strings. An attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-5208)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 17.10: irssi 1.0.4-1ubuntu2.2
Ubuntu 17.04: irssi 0.8.20-2ubuntu2.3
Ubuntu 16.04 LTS: irssi 0.8.19-1ubuntu1.6
Ubuntu 14.04 LTS: irssi 0.8.15-5ubuntu3.4
After a standard system update you need to restart Irssi to make all the necessary changes.
References: https://www.ubuntu.com/usn/usn-3527-1 CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208
Package Information: https://launchpad.net/ubuntu/+source/irssi/1.0.4-1ubuntu2.2 https://launchpad.net/ubuntu/+source/irssi/0.8.20-2ubuntu2.3 https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu1.6 https://launchpad.net/ubuntu/+source/irssi/0.8.15-5ubuntu3.4
--OoQ4efWgQ57bQ0kOkcEe6MNNLLoEnvjjK--
--Mp0mutptiG3bVXBjhAFOQm4W5Bdc3aPbI Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCgAGBQJaVh3RAAoJEGVp2FWnRL6TV4cP/15N4POynO8fRF7Z+MTmmZTS tDyb6bRLtBrYQExOTPtu146tfbJiWwjTuzGvsAs2vlczurM1eyGv9oNBdwAJP64L 6/V5QeM1Aux1LMKpYzVtERhV6ymxCg+dIA4f6hHO/6nzg9GW7WHGZL3SMRp3UJmg 6GGG749u/nTqo8CS2F33ugeJU8TfrFglu/dQhAgg85yP/jtYgC8dL49RiBWr5Hsi KIeviBH4BUGTqv56jcr3t2d/7cy51Js1Bqm+0JaQkvDmH4J2g5DXSEQG77FVIFEm 8nOUcbQ2uy49t1+iii2mNDORKZexwkX6sjXUc+o/ML38RQmyYyh2/kWCPkwX3KYz mgUEDmlTpNl/x1yxxH6IiaZ9Fu3wCI6G0wKvZ1jsUm7gFuQOT3G+vjcUWuea+tD3 NdRU6xqWNx6me/7I1eo+VbTVC7Zb8wmIRskf608gavPlP26FcDOYhDQKPIj3Z/ZZ 6Rm3+F4381DK3d/kSkgbcNj6yv+TaIBS1qTncZfoa6jHOiXA/rOjvgAbIUejgEhX /io9hWhjqYsOngs0t/CE00SGt05TdpPLDhKN8W3sQ09krv0uKWzTsOb4IRFIfWMG DMY4UPnH/ZOVgNasIMa/BRHgQ4TfsSk33aSvDUuYWXmhOLpPLq7lDbcRdTj/QTvk Bo88wxRamhk63esVQkha =iiLG -----END PGP SIGNATURE-----
--Mp0mutptiG3bVXBjhAFOQm4W5Bdc3aPbI--
--===============1288774231474993879== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: base64 Content-Disposition: inline
LS0gCnVidW50dS1zZWN1cml0eS1hbm5vdW5jZSBtYWlsaW5nIGxpc3QKdWJ1bnR1LXNlY3VyaXR5 LWFubm91bmNlQGxpc3RzLnVidW50dS5jb20KTW9kaWZ5IHNldHRpbmdzIG9yIHVuc3Vic2NyaWJl IGF0OiBodHRwczovL2xpc3RzLnVidW50dS5jb20vbWFpbG1hbi9saXN0aW5mby91YnVudHUtc2Vj dXJpdHktYW5ub3VuY2UK
--===============1288774231474993879==--
|
|
|
|