-rw-r--r-- | _data/sb_whatsnew.yml | 2
-rw-r--r-- | _data/security.yml | 21
-rw-r--r-- | _posts/2017-01-05-irssi-1.0.0-released.markdown | 1
-rw-r--r-- | _posts/2017-02-05-irssi-1.0.1-released.markdown | 1
-rw-r--r-- | _posts/2017-03-11-irssi-1.0.2-released.markdown | 5
-rw-r--r-- | _posts/2017-06-06-irssi-1.0.3-released.markdown | 5
-rw-r--r-- | _posts/2017-07-07-irssi-1.0.4-released.markdown | 41
-rw-r--r-- | download/index.markdown | 2
-rw-r--r-- | security/irssi_sa_2017_07.txt | 75
9 files changed, 147 insertions, 6 deletions
diff --git a/_data/sb_whatsnew.yml b/_data/sb_whatsnew.yml index e83f52f..cf1fc32 100644 --- a/_data/sb_whatsnew.yml +++ b/_data/sb_whatsnew.yml @@ -1,5 +1,5 @@ - - key: irssi-1.0.3-released + key: irssi-1.0.4-released tag: Security - key: fuzzing-irssi diff --git a/_data/security.yml b/_data/security.yml index 5494e2b..a7a1177 100644 --- a/_data/security.yml +++ b/_data/security.yml @@ -254,3 +254,24 @@ fixed_version: 1.0.3 credit: 'Joseph Bisch' description: 'Out of bounds read when parsing incorrectly quoted DCC files' +- + name: IRSSI-SA-2017-07 + release_date: 2017-07-07 + git_commit: 5e26325317c72a04c1610ad952974e206384d291 + bugs: + - + cve: CVE-2017-10965 + exploitable_by: server + affected_versions: + to: 1.0.3 + fixed_version: 1.0.4 + credit: Brian 'geeknik' Carpenter of Geeknik Labs + description: 'NULL pointer dereference when receiving messages with invalid timestamp' + - + cve: CVE-2017-10966 + exploitable_by: client + affected_versions: + to: 1.0.3 + fixed_version: 1.0.4 + credit: Brian 'geeknik' Carpenter of Geeknik Labs + description: 'Use after free after nicklist structure has been corrupted while updating a nick group' diff --git a/_posts/2017-01-05-irssi-1.0.0-released.markdown b/_posts/2017-01-05-irssi-1.0.0-released.markdown index acb18ab..b777698 100644 --- a/_posts/2017-01-05-irssi-1.0.0-released.markdown +++ b/_posts/2017-01-05-irssi-1.0.0-released.markdown @@ -32,6 +32,7 @@ Some hi(gh)lights: * /channel /server /network now support modify subcommand. By Jari Matilainen * New option sasl_disconnect_on_failure to disconnect when SASL log-in failed + This release can be downloaded from [our releases page](https://github.com/irssi/irssi/releases). Binary test packages for various Linux distributions are automatically generated by the diff --git a/_posts/2017-02-05-irssi-1.0.1-released.markdown b/_posts/2017-02-05-irssi-1.0.1-released.markdown index 0db5aa5..49a88ca 100644 --- a/_posts/2017-02-05-irssi-1.0.1-released.markdown 
+++ b/_posts/2017-02-05-irssi-1.0.1-released.markdown @@ -12,6 +12,7 @@ version**. See the [NEWS](//raw.githubusercontent.com/irssi/irssi/1.0.1/NEWS) for details. + This release can be downloaded from [our releases page](https://github.com/irssi/irssi/releases). Binary test packages for various Linux distributions are automatically generated by the diff --git a/_posts/2017-03-11-irssi-1.0.2-released.markdown b/_posts/2017-03-11-irssi-1.0.2-released.markdown index a2c9bbe..d74f4ed 100644 --- a/_posts/2017-03-11-irssi-1.0.2-released.markdown +++ b/_posts/2017-03-11-irssi-1.0.2-released.markdown @@ -24,6 +24,9 @@ this problem, or apply the you need proper Unicode-aware regexen in `/hilight` and `/ignore` as an intermediate solution. +Read the [security advisory](/security/irssi_sa_2017_03.txt). + + This release can be downloaded from [our releases page](https://github.com/irssi/irssi/releases). Binary test packages for various Linux distributions are automatically generated by the @@ -35,8 +38,6 @@ repository. Please check with your distro whether they provide officially updated packages. -Read the [security advisory](/security/irssi_sa_2017_03.txt). - We currently do not have any alternate advice. The Irssi Team. diff --git a/_posts/2017-06-06-irssi-1.0.3-released.markdown b/_posts/2017-06-06-irssi-1.0.3-released.markdown index f202851..ed5cb5b 100644 --- a/_posts/2017-06-06-irssi-1.0.3-released.markdown +++ b/_posts/2017-06-06-irssi-1.0.3-released.markdown @@ -8,6 +8,9 @@ in Irssi as well as a few bug fixes, the most notable that TLS can now be disabl [NEWS](//raw.githubusercontent.com/irssi/irssi/1.0.3/NEWS) for details. +Read the [security advisory](/security/irssi_sa_2017_06.txt). + + This release can be downloaded from [our releases page](https://github.com/irssi/irssi/releases). Binary test packages for various Linux distributions are automatically generated by the 
@@ -20,8 +23,6 @@ Please check with your distro whether they provide officially updated packages. Debian users can refer to the [security tracker](https://security-tracker.debian.org/tracker/source-package/irssi) to follow the security status of their distro. -Read the [security advisory](/security/irssi_sa_2017_06.txt). - We currently do not have any alternate advice. The Irssi Team. diff --git a/_posts/2017-07-07-irssi-1.0.4-released.markdown b/_posts/2017-07-07-irssi-1.0.4-released.markdown new file mode 100644 index 0000000..b12be88 --- /dev/null +++ b/_posts/2017-07-07-irssi-1.0.4-released.markdown 
@@ -0,0 +1,41 @@ +--- +layout: post +title: "Irssi 1.0.4 Released" +--- + +Irssi 1.0.4 has been released. This release fixes two remote crash +issues in Irssi as well as a few bugs, correcting a mistake that +was introduced in 1.0.3 while parsing some time-related +settings. There are no new features. **All Irssi users should upgrade +to this version**. See the +[NEWS](//raw.githubusercontent.com/irssi/irssi/1.0.4/NEWS) for +details. + +Our bug reporter Brian 'geeknik' Carpenter writes: + +> 34 days after reading [Fuzzing Irssi]({% post_url +2017-05-12-fuzzing-irssi %}), my AFL instance was finally able to +trigger a null pointer dereference in irssi 1.0.2. [...] Hopefully this one isn't fixed yet. +> +> 35 days after reading Fuzzing Irssi, my AFL +instance triggered a heap-use-after-free in irssi 1.0.2. Compiled on Debian +8 x64 following the instructions and patches of the referenced article. (; + +For more information refer to the [security advisory](/security/irssi_sa_2017_07.txt). + +Thanks, Brian! + +This release can be downloaded from [our releases +page](https://github.com/irssi/irssi/releases). Binary test packages +for various Linux distributions are automatically generated by the +[openSUSE Build Service](https://build.opensuse.org/) and are +available for download in the +[irssi-test](https://software.opensuse.org/download.html?project=home:ailin_nemui:irssi-test;package=irssi) +repository. + +Please check with your distro whether they provide officially updated +packages. + +We currently do not have any alternate advice. + +The Irssi Team. diff --git a/download/index.markdown b/download/index.markdown index 8c4ecc9..01d8f2d 100644 --- a/download/index.markdown +++ b/download/index.markdown @@ -3,7 +3,7 @@ layout: page title: Getting Irssi permalink: /download/ categories: [ _nav, _6 ] -version: 1.0.3 +version: 1.0.4 --- There are several ways you can get Irssi<span class="hidden-md hidden-lg">:</span> 
diff --git a/security/irssi_sa_2017_07.txt b/security/irssi_sa_2017_07.txt new file mode 100644 index 0000000..90229ac --- /dev/null +++ b/security/irssi_sa_2017_07.txt @@ -0,0 +1,75 @@ +IRSSI-SA-2017-07 Irssi Security Advisory [1] +============================================ +CVE-2017-10965, CVE-2017-10966. + +Description +----------- + +Two vulnerabilities have been located in Irssi. + +(a) When receiving messages with invalid time stamps, Irssi would try + to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter + of Geeknik Labs. (CWE-690) + + CVE-2017-10965 [2] was assigned to this bug + +(b) While updating the internal nick list, Irssi may incorrectly use + the GHashTable interface and free the nick while updating it. This + will then result in use-after-free conditions on each access of + the hash table. Found by Brian 'geeknik' Carpenter of Geeknik + Labs. (CWE-416 caused by CWE-227) + + CVE-2017-10966 [3] was assigned to this bug + + +Impact +------ + +(a) May result in denial of service (remote crash). + +(b) Undefined behaviour. + + +Affected versions +----------------- + +All Irssi versions that we observed. + + +Fixed in +-------- + +Irssi 1.0.4 + + +Recommended action +------------------ + +Upgrade to Irssi 1.0.4. Irssi 1.0.4 is a maintenance release in the +1.0 series, without any new features. + +After installing the updated packages, one can issue the /upgrade +command to load the new binary. TLS connections will require +/reconnect. + + +Mitigating facts +---------------- + +(a) requires control over the ircd + +(b) should not happen with a conforming ircd + + +Patch +----- + +https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291 + + +References +---------- + +[1] https://irssi.org/security/irssi_sa_2017_07.txt +[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965 +[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966 |
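Review bot: in `_data/security.yml`, both new `credit:` values are written as plain scalars (`credit: Brian 'geeknik' Carpenter of Geeknik Labs`) while the entry directly above quotes its value (`credit: 'Joseph Bisch'`) and the new `description:` values are quoted as well. Apostrophes inside a plain scalar are valid YAML, so this parses, but double-quoting the value, as in `credit: "Brian 'geeknik' Carpenter of Geeknik Labs"`, keeps the file consistent and avoids a parse error if a later edit puts the quote at the start of the value.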
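Review bot: in `_posts/2017-07-07-irssi-1.0.4-released.markdown`, the opening paragraph calls both fixes "two remote crash issues", but the advisory added in the same commit lists the impact of (b) as "Undefined behaviour" and describes it as a use-after-free on each access of the hash table. Suggest wording the post so it does not understate (b), for example by naming the NULL pointer dereference and the use-after-free separately and leaving the impact statement to the linked advisory.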
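Review bot: in `security/irssi_sa_2017_07.txt`, the text for (b) never says who can trigger the bug, while `_data/security.yml` in this same commit records `exploitable_by: client` for CVE-2017-10966 and the only hint in the advisory is the mitigating fact "should not happen with a conforming ircd". Suggest adding one sentence under Description or Mitigating facts that states the triggering party, so the advisory and the data file say the same thing. In the same file, "All Irssi versions that we observed" would be easier to act on if it also named the upper bound that `security.yml` gives (`to: 1.0.3`), and references [2] and [3] could use `https://` like reference [1].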
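Review bot: the hunks for the 1.0.0, 1.0.1, 1.0.2 and 1.0.3 posts are layout-only edits (an added blank line before "This release can be downloaded", and the "Read the [security advisory]" line moved above it) and are unrelated to publishing 1.0.4. Suggest moving them to a separate cleanup commit, so that the security release commit contains only the new post, the advisory, the `security.yml` entry and the two version bumps, and is easier to audit or backport.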