diff options
Diffstat (limited to 'security/irssi_sa_2017_07.txt')
-rw-r--r-- | security/irssi_sa_2017_07.txt | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/security/irssi_sa_2017_07.txt b/security/irssi_sa_2017_07.txt new file mode 100644 index 0000000..90229ac --- /dev/null +++ b/security/irssi_sa_2017_07.txt @@ -0,0 +1,75 @@ +IRSSI-SA-2017-07 Irssi Security Advisory [1] +============================================ +CVE-2017-10965, CVE-2017-10966. + +Description +----------- + +Two vulnerabilities have been located in Irssi. + +(a) When receiving messages with invalid time stamps, Irssi would try + to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter + of Geeknik Labs. (CWE-690) + + CVE-2017-10965 [2] was assigned to this bug + +(b) While updating the internal nick list, Irssi may incorrectly use + the GHashTable interface and free the nick while updating it. This + will then result in use-after-free conditions on each access of + the hash table. Found by Brian 'geeknik' Carpenter of Geeknik + Labs. (CWE-416 caused by CWE-227) + + CVE-2017-10966 [3] was assigned to this bug + + +Impact +------ + +(a) May result in denial of service (remote crash). + +(b) Undefined behaviour. + + +Affected versions +----------------- + +All Irssi versions that we observed. + + +Fixed in +-------- + +Irssi 1.0.4 + + +Recommended action +------------------ + +Upgrade to Irssi 1.0.4. Irssi 1.0.4 is a maintenance release in the +1.0 series, without any new features. + +After installing the updated packages, one can issue the /upgrade +command to load the new binary. TLS connections will require +/reconnect. + + +Mitigating facts +---------------- + +(a) requires control over the ircd + +(b) should not happen with a conforming ircd + + +Patch +----- + +https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291 + + +References +---------- + +[1] https://irssi.org/security/irssi_sa_2017_07.txt +[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965 +[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966 |