path: root/security/irssi_sa_2017_07.txt
Diffstat (limited to 'security/irssi_sa_2017_07.txt')
-rw-r--r-- security/irssi_sa_2017_07.txt 75
1 files changed, 75 insertions, 0 deletions
diff --git a/security/irssi_sa_2017_07.txt b/security/irssi_sa_2017_07.txt
new file mode 100644
index 0000000..90229ac
--- /dev/null
+++ b/security/irssi_sa_2017_07.txt
@@ -0,0 +1,75 @@
+IRSSI-SA-2017-07 Irssi Security Advisory [1]
+============================================
+CVE-2017-10965, CVE-2017-10966.
+
+Description
+-----------
+
+Two vulnerabilities have been located in Irssi.
+
+(a) When receiving messages with invalid time stamps, Irssi would try
+ to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter
+ of Geeknik Labs. (CWE-690)
+
+ CVE-2017-10965 [2] was assigned to this bug
+
+(b) While updating the internal nick list, Irssi may incorrectly use
+ the GHashTable interface and free the nick while updating it. This
+ will then result in use-after-free conditions on each access of
+ the hash table. Found by Brian 'geeknik' Carpenter of Geeknik
+ Labs. (CWE-416 caused by CWE-227)
+
+ CVE-2017-10966 [3] was assigned to this bug
+
+
+Impact
+------
+
+(a) May result in denial of service (remote crash).
+
+(b) Undefined behaviour.
+
+
+Affected versions
+-----------------
+
+All Irssi versions that we observed.
+
+
+Fixed in
+--------
+
+Irssi 1.0.4
+
+
+Recommended action
+------------------
+
+Upgrade to Irssi 1.0.4. Irssi 1.0.4 is a maintenance release in the
+1.0 series, without any new features.
+
+After installing the updated packages, one can issue the /upgrade
+command to load the new binary. TLS connections will require
+/reconnect.
+
+
+Mitigating facts
+----------------
+
+(a) requires control over the ircd
+
+(b) should not happen with a conforming ircd
+
+
+Patch
+-----
+
+https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
+
+
+References
+----------
+
+[1] https://irssi.org/security/irssi_sa_2017_07.txt
+[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965
+[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966
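Review bot: The "Affected versions" section says only "All Irssi versions that we observed", which gives packagers no lower bound for deciding on backports; name the oldest release that was actually checked, or state that every release before 1.0.4 should be treated as affected. The "Patch" section links a single commit for two CVEs, so it would help to say explicitly whether that commit fixes both (a) and (b). Minor: references [2] and [3] use http:// while [1] uses https://, and the two "was assigned to this bug" lines lack a closing period.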