author | Ailin Nemui <ailin@z30a.localdomain> | 2017-06-06 23:21:02 +0200 |
---|---|---|
committer | Ailin Nemui <ailin@z30a.localdomain> | 2017-06-06 23:21:02 +0200 |
commit | 1706fdbf5cfd1d206b2414151dd71185f734bd79 (patch) | |
tree | d6b8836bf8cd30632dc432dfda2f23725fd96add /security/irssi_sa_2017_06.txt | |
parent | fd53599884a1c1016429f7bce790ce5a600bb2ee (diff) | |
Release Irssi 1.0.3
Diffstat (limited to 'security/irssi_sa_2017_06.txt')
-rw-r--r-- | security/irssi_sa_2017_06.txt | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/security/irssi_sa_2017_06.txt b/security/irssi_sa_2017_06.txt new file mode 100644 index 0000000..5f0cfd8 --- /dev/null +++ b/security/irssi_sa_2017_06.txt @@ -0,0 +1,66 @@ +IRSSI-SA-2017-06 Irssi Security Advisory [1] +============================================ + +Description +----------- + +Two vulnerabilities have been located in Irssi. + +(a) When receiving a DCC message without source nick/host, Irssi would + attempt to dereference a NULL pointer. Found by Joseph + Bisch. (CWE-690) + +(b) When receiving certain incorrectly quoted DCC files, Irssi would + try to find the terminating quote outside of allocated + memory. Found by Joseph Bisch. (CWE-129, CWE-127) + + +Impact +------ + +(a) May result in denial of service (remote crash). + +(b) May result in denial of service (remote crash), but in practice + this seems to be very unlikely unless address sanitizer is + enabled. + + +Affected versions +----------------- + +All Irssi versions that we observed. + + +Fixed in +-------- + +Irssi 1.0.3 + + +Recommended action +------------------ + +Upgrade to Irssi 1.0.3. Irssi 1.0.3 is a maintenance release in the +1.0 series, without any new features. + +After installing the updated packages, one can issue the /upgrade +command to load the new binary. TLS connections will require +/reconnect. + + +Mitigating facts +---------------- + +(a) requires control over the ircd + + +Patch +----- + +https://github.com/irssi/irssi/commit/fb08fc7f1aa6b2e616413d003bf021612301ad55 + + +References +---------- + +[1] https://irssi.org/security/irssi_sa_2017_06.txt |
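Review bot: The "Affected versions" section reads "All Irssi versions that we observed", which gives a packager no range to check against. Since "Fixed in" names Irssi 1.0.3, consider stating the range in terms of that release, or naming the oldest version that was actually tested. Under "Patch", a single commit URL is listed for two separately described issues, (a) and (b); say whether that one commit fixes both. "Mitigating facts" has an entry for (a) only, so an explicit "(b) none" would show the omission is intentional. In (b), "incorrectly quoted DCC files" is ambiguous next to "find the terminating quote"; if the quoting applies to the file name carried in the DCC message, say so.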