author | Ailin Nemui <ailin@z30a.localdomain> | 2018-02-14 00:54:53 +0100 |
---|---|---|
committer | Ailin Nemui <ailin@z30a.localdomain> | 2018-02-14 23:06:37 +0100 |
commit | 813c12822a68983ab42905f5af364dcc9c7ffcdd (patch) | |
tree | b8e8986b0f1bfad0e20809b78b0e9a1a3235ce16 /security/irssi_sa_2017_07.txt | |
parent | 21f070359fe8174573deea8fea19ccd95dc3e51d (diff) | |
download | irssi.github.io-813c12822a68983ab42905f5af364dcc9c7ffcdd.zip |
enable security collections
Diffstat (limited to 'security/irssi_sa_2017_07.txt')
-rw-r--r-- | security/irssi_sa_2017_07.txt | 75 |
1 files changed, 0 insertions, 75 deletions
diff --git a/security/irssi_sa_2017_07.txt b/security/irssi_sa_2017_07.txt deleted file mode 100644 index 90229ac..0000000 --- a/security/irssi_sa_2017_07.txt +++ /dev/null @@ -1,75 +0,0 @@ -IRSSI-SA-2017-07 Irssi Security Advisory [1] -============================================ -CVE-2017-10965, CVE-2017-10966. - -Description ------------ - -Two vulnerabilities have been located in Irssi. - -(a) When receiving messages with invalid time stamps, Irssi would try - to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter - of Geeknik Labs. (CWE-690) - - CVE-2017-10965 [2] was assigned to this bug - -(b) While updating the internal nick list, Irssi may incorrectly use - the GHashTable interface and free the nick while updating it. This - will then result in use-after-free conditions on each access of - the hash table. Found by Brian 'geeknik' Carpenter of Geeknik - Labs. (CWE-416 caused by CWE-227) - - CVE-2017-10966 [3] was assigned to this bug - - -Impact ------- - -(a) May result in denial of service (remote crash). - -(b) Undefined behaviour. - - -Affected versions ------------------ - -All Irssi versions that we observed. - - -Fixed in --------- - -Irssi 1.0.4 - - -Recommended action ------------------- - -Upgrade to Irssi 1.0.4. Irssi 1.0.4 is a maintenance release in the -1.0 series, without any new features. - -After installing the updated packages, one can issue the /upgrade -command to load the new binary. TLS connections will require -/reconnect. - - -Mitigating facts ----------------- - -(a) requires control over the ircd - -(b) should not happen with a conforming ircd - - -Patch ------ - -https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291 - - -References ----------- - -[1] https://irssi.org/security/irssi_sa_2017_07.txt -[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965 -[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966 |
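Review bot: the deleted advisory names https://irssi.org/security/irssi_sa_2017_07.txt as its own canonical location ([1] under References), and this view, limited to security/irssi_sa_2017_07.txt, shows only the 75-line removal to /dev/null with no replacement for it. Please confirm that the security collection enabled by this commit still publishes IRSSI-SA-2017-07 at that exact path, or add a redirect, so that existing links to the advisory for CVE-2017-10965 and CVE-2017-10966 keep resolving. The commit message would also benefit from one line saying where the advisory text now lives, since "enable security collections" alone does not explain why a published advisory is being deleted.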