-rw-r--r-- | _includes/sb_whatsnew.html | 2
-rw-r--r-- | _posts/2016-09-21-irssi-0.8.20-released.markdown | 37
-rw-r--r-- | download/index.markdown | 4
-rw-r--r-- | security/irssi_sa_2016.txt | 102
-rw-r--r-- | security/sa_patch.pl | 2
5 files changed, 144 insertions, 3 deletions
diff --git a/_includes/sb_whatsnew.html b/_includes/sb_whatsnew.html index 1e9161d..c5d4fa5 100644 --- a/_includes/sb_whatsnew.html +++ b/_includes/sb_whatsnew.html @@ -1,3 +1,3 @@ +<p><small>2016-09-21</small> <a href="/2016/09/21/irssi-0.8.20-released">Irssi 0.8.20 has been released!</a> </p> <p><small>2016-03-24</small> <a href="/2016/03/24/irssi-0.8.19-released">Irssi 0.8.19 has been released!</a> </p> -<p><small>2016-02-29</small> <a href="/2016/02/29/irssi-0.8.18-released">Irssi 0.8.18 has been released!</a> </p> <p><small>2015-12-15</small> <a href="/2015/12/14/irssi-website-now-on-github-pages">Irssi site now on github pages!</a> </p> diff --git a/_posts/2016-09-21-irssi-0.8.20-released.markdown b/_posts/2016-09-21-irssi-0.8.20-released.markdown new file mode 100644 index 0000000..d388f6c --- /dev/null +++ b/_posts/2016-09-21-irssi-0.8.20-released.markdown 
@@ -0,0 +1,37 @@ +--- +layout: post +title: "Irssi 0.8.20 Released" +--- + +Irssi 0.8.20 has been released. This release fixes two remote crash +issues in Irssi 0.8.17 and later. There are no new features. **All +users should upgrade to this version**. See the +[NEWS](//raw.githubusercontent.com/irssi/irssi/0.8.20/NEWS) for +details. + +This release can be downloaded from [our releases +page](https://github.com/irssi/irssi/releases). Binary test packages +for various Linux distributions are automatically generated by the +[openSUSE Build Service](https://build.opensuse.org/) and are +available for download in the +[irssi-test](https://software.opensuse.org/download.html?project=home:ailin_nemui:irssi-test;package=irssi) +repository. Please check with your distro whether they provide +officially updated packages. + +Read the [security advisory](/security/irssi_sa_2016.txt). + +Furthermore, we are always looking for testers of the development +version. Binaries of the current git development version are +automatically packaged in the +[irssi-git](https://software.opensuse.org/download.html?project=home:ailin_nemui:irssi-git;package=irssi-git) +repository. The current development source code can be downloaded from +[GitHub](https://github.com/irssi/irssi). Some more information on the +[Contributing](https://irssi.org/development/) page. Report +[Issues](https://github.com/irssi/irssi/issues) and do not hesitate to +send in [Patches](https://github.com/irssi/irssi/pulls)! + +Remember to follow Irssi on +[Twitter](https://twitter.com/IrssiProject), or pop into `#irssi` on +Freenode. + +The Irssi Team. diff --git a/download/index.markdown b/download/index.markdown index 43a2cba..fa8fc76 100644 --- a/download/index.markdown +++ b/download/index.markdown 
@@ -156,7 +156,7 @@ The [openSUSE Build Service](http://build.opensuse.org/){:rel='external'} is bui ## Release Sources -Latest release version: **0.8.19** – [Downloads][14]{:rel='external'} +Latest release version: **0.8.20** – [Downloads][14]{:rel='external'} See the included [INSTALL][15]{:rel='external'} file for building instructions @@ -166,7 +166,7 @@ To verify the signatures: You shouldn't really trust this key without verifying its fingerprint. See it with `gpg --fingerprint staff@irssi.org` and ask someone if it matches (eg. on `#irssi`). - gpg --verify irssi-0.8.19.tar.xz.asc + gpg --verify irssi-0.8.20.tar.xz.asc (This key is different from the one used to sign binaries of versions before 0.8.10. More gpg help can be found from GPG manual) diff --git a/security/irssi_sa_2016.txt b/security/irssi_sa_2016.txt new file mode 100644 index 0000000..7c4d22c --- /dev/null +++ b/security/irssi_sa_2016.txt 
@@ -0,0 +1,102 @@ +heap corruption and missing boundary checks +=========================================== +CWE Classification: CWE-20, CWE-823, CWE-126, CWE-122 + +CVE-2016-7044 [1] was assigned to bug 1 +CVE-2016-7045 [2] was assigned to bug 2 + + +Description +----------- + +Gabriel Campana and Adrien Guinet from Quarkslab reported two remote +crash and heap corruption vulnerabilites in Irssi's format parsing +code. + +They also provided us with proof of concept exploit code and patches +to fix those issues. + + +Impact +------ + +Remote crash and heap corruption. Remote code execution seems +difficult since only Nuls are written. + + +Detailed analysis +----------------- + +Based on analysis Provided by Gabriel Campana and Adrien Guinet from +Quarkslab: + +Bug 1 + +The unformat_24bit_color() function is called by format_send_to_gui() +to decode 24bit color codes into their components. The pointer is +advanced unconditionally without checking if a complete code was +supplied. + +Thus, after the return of unformat_24bit_color(), ptr might be invalid +and point out of the buffer. + +Bug 2 + +The format_send_to_gui() function does not validate the length of the +string before incrementing the `ptr' pointer in all cases. + +If that happens, the pointer `ptr' can be incremented twice and thus +end past the boundaries of the original `dup' buffer. + + +Affected versions +----------------- + +Irssi 0.8.17-beta up to and including 0.8.19 up to 0.8.19-219-g52fedea + +Bug 1 affects only Irssis compiled with true-color enabled. +Bug 2 affects all Irssis regardless of compilation flags. + + +Fixed in +-------- + +Irssi 0.8.20 + + +Recommended action +------------------ + +Upgrade to Irssi 0.8.20. Irssi 0.8.20 is a maintenance release +without any new features. + +After installing the updated packages, one can issue the /upgrade +command to load the new binary. TLS connections will require +/reconnect. 
If the buf.pl script is loaded and symlinked into +~/.irssi/scripts/autorun, text buffer content will be saved and +restored. + + +Fallback action +--------------- + +Distributions which need to remain on Irssi 0.8.17 are strongly urged +to apply the patch and provide updated packages. + +Those totally unable to upgrade, but with Perl support enabled in +their Irssi, can load the following script and add it to +~/.irssi/scripts/autorun as a first aid to mitigating these issues: + +https://irssi.org/security/sa_patch.pl + + +Patch +----- + +https://github.com/irssi/irssi/commit/295a4b77f07f14602eeaa371f00ddbf09910c82b + + +References +---------- +[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044 +[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045 diff --git a/security/sa_patch.pl b/security/sa_patch.pl new file mode 100644 index 0000000..2194dc7 --- /dev/null +++ b/security/sa_patch.pl @@ -0,0 +1,2 @@ +Irssi::signal_add_first("print text", sub { + for ($_[1]) { $_ .= ' ' if /\cD(?!.....)/ } &Irssi::signal_continue }) |
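Review bot: In _posts/2016-09-21-irssi-0.8.20-released.markdown, the opening paragraph describes the fixes as "two remote crash issues", while the advisory added in this same commit states the impact as remote crash and heap corruption and names CVE-2016-7044 and CVE-2016-7045. Suggest using the advisory's wording and listing both CVE identifiers in the post, so that someone who reads only the announcement triages it the same way. Minor style point: the NEWS link is protocol-relative (//raw.githubusercontent.com/...) while the other external links in the post are written with https://.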
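Review bot: In download/index.markdown, second hunk, the updated command "gpg --verify irssi-0.8.20.tar.xz.asc" names only the detached signature and leaves gpg to infer the signed file from the file name. Suggest spelling out both, "gpg --verify irssi-0.8.20.tar.xz.asc irssi-0.8.20.tar.xz", so the reader checks exactly the tarball they intend to install. The release number is also edited by hand in two places in this file (the "Latest release version" line and the gpg command); keeping it in one shared value would stop the two from drifting apart on the next release.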
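Review bot: In security/irssi_sa_2016.txt, the "Affected versions" line reads "Irssi 0.8.17-beta up to and including 0.8.19 up to 0.8.19-219-g52fedea", which runs two ranges together; suggest stating the release range and the git range separately. The "Fallback action" section urges only distributions that remain on 0.8.17 to apply the patch, although the affected range also covers 0.8.18 and 0.8.19, so the wording should cover any distribution staying on an affected release. Typos to fix before publishing: "vulnerabilites" in the Description and the capitalised "Provided" under "Detailed analysis". The Patch link is https:// while both CVE references are http://.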
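Review bot: In security/sa_patch.pl, the lookahead in /\cD(?!.....)/ requires five characters after the \cD format marker, but as rendered here the string appended by "$_ .= ' '" is a single space, which would not make up the shortfall; please confirm the literal in the committed file pads enough characters to satisfy the lookahead. The script also ships with no comment, no "use strict" and no %IRSSI header, and the bare "&Irssi::signal_continue" depends on passing the current @_ implicitly. Since the advisory points users at this file as a first-aid mitigation, a two-line comment saying that it pads truncated \cD codes in "print text" and which advisory it belongs to would help people who audit what they put into ~/.irssi/scripts/autorun.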