From b73f9a3ccb3378960f4f930c7d8713ad9069fbd9 Mon Sep 17 00:00:00 2001 From: Ailin Nemui Date: Mon, 26 Sep 2016 14:24:23 +0200 Subject: improve news layout, update buf cve --- _layouts/default.html | 2 +- _layouts/home.html | 2 +- _posts/2016-09-22-buf.pl-update.markdown | 49 +++------------------ assets/css/style.css | 17 ++++++++ security/buf_pl_sa_2016.txt | 73 ++++++++++++++++++++++++++++++++ security/irssi_sa_2016.txt | 1 + 6 files changed, 98 insertions(+), 46 deletions(-) create mode 100644 security/buf_pl_sa_2016.txt diff --git a/_layouts/default.html b/_layouts/default.html index 1d57e03..cc2c463 100644 --- a/_layouts/default.html +++ b/_layouts/default.html @@ -6,7 +6,7 @@ {% include header.html %}
-
+
{% if page.sidebar %}
{{ content }} diff --git a/_layouts/home.html b/_layouts/home.html index e86425a..8cd68e1 100644 --- a/_layouts/home.html +++ b/_layouts/home.html @@ -8,7 +8,7 @@ sidebar: sb_sidebar_news.html

{{ post.title }}

{% include postmeta.html node=post %} {{ post.excerpt }}{% - if post.excerpt != post.content %}Read more... the Irssi Team.{% + if post.excerpt != post.content %}

Read more... the Irssi Team.

{% endif %} {% endfor %} diff --git a/_posts/2016-09-22-buf.pl-update.markdown b/_posts/2016-09-22-buf.pl-update.markdown index 410d011..460ab0f 100644 --- a/_posts/2016-09-22-buf.pl-update.markdown +++ b/_posts/2016-09-22-buf.pl-update.markdown 
@@ -3,49 +3,10 @@ layout: post title: "buf.pl update available" --- -An information disclosure vulnerability was found, reported and fixed -in the buf.pl script by its author. +An update to the [buf.pl](//scripts.irssi.org/scripts/buf.pl) script +has been released. This release fixes an information disclosure +vulnerability. All users should upgrade to this version. -CWE Classification: CWE-732, CWE-538 +The updated buf.pl script can be found on [scripts.irssi.org](//scripts.irssi.org). -### Impact - -Other users on the same machine may be able to retrieve the whole -window contents after /UPGRADE when the buf.pl script is -loaded. Furthermore, this dump of the windows contents is never -removed afterwards. - -Since buf.pl is also an Irssi core script and we recommended its use -to retain your window content, many people could potentially be -affected by this. - -Remote users may be able to retrieve these contents when combined with -other path traversal vulnerabilities in public facing services on that -machine. - -### Detailed analysis - -buf.pl restores the scrollbuffer between "/upgrade"s by writing the -contents to a file, and reading that after the new process was spawned. -Through that file, the contents of (private) chat conversations may leak to -other users. - -### Mitigating facts - -Careful users with a limited umask (e.g. 077) are not affected by this bug. -However, most Linux systems default to a umask of 022, meaning that files -written without further restricting the permissions, are readable by any -user. - -### Affected versions - -All up to 2.13 - -### Fixed versions - -[buf.pl](//scripts.irssi.org/scripts/buf.pl) 2.20 - -### Resolution - -Update the buf.pl script with the latest version from -[scripts.irssi.org](//scripts.irssi.org). \ No newline at end of file +Read the [security advisory](/security/buf_pl_sa_2016.txt). diff --git a/assets/css/style.css b/assets/css/style.css index f7b4213..c3d7e04 100644 --- a/assets/css/style.css 
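Review bot: Both download links in the new post text are protocol-relative (`//scripts.irssi.org/scripts/buf.pl` and `//scripts.irssi.org`), so a reader who reaches the page over plain HTTP is also sent to the fixed script over HTTP. The advisory added in this same commit already uses `https://scripts.irssi.org`, and the post should match, e.g. `[buf.pl](https://scripts.irssi.org/scripts/buf.pl)`. The shortened post also no longer names the fixed version, so readers cannot check their installed copy without opening the advisory; a short line such as `Fixed in buf.pl 2.20.` in the first paragraph would cover that.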
+++ b/assets/css/style.css @@ -196,6 +196,23 @@ blockquote { height: 80vh !important; } +/* news archive */ +.container.home h3, +.container.home .h3 { + font-size: 20px; + font-weight: bold; +} + +.container.home p + h2 { + border-top: 2px solid #eee; + padding-top: 20px; +} + +.container.home hr { + width: 70%; +} + + /* download page */ .osicon, .obsicon { padding-right: 1ex; diff --git a/security/buf_pl_sa_2016.txt b/security/buf_pl_sa_2016.txt new file mode 100644 index 0000000..7257538 --- /dev/null +++ b/security/buf_pl_sa_2016.txt 
@@ -0,0 +1,73 @@
+information disclosure vulnerability in buf.pl
+==============================================
+CWE Classification: CWE-732, CWE-538
+
+CVE-2016-7553 [1] was assigned to this bug.
+
+
+Description
+-----------
+
+An information disclosure vulnerability was found, reported and fixed
+in the buf.pl script by its author.
+
+
+Impact
+------
+
+Other users on the same machine may be able to retrieve the whole
+window contents after /UPGRADE when the buf.pl script is
+loaded. Furthermore, this dump of the windows contents is never
+removed afterwards.
+
+Since buf.pl is also an Irssi core script and we recommended its use
+to retain your window content, many people could potentially be
+affected by this.
+
+Remote users may be able to retrieve these contents when combined with
+other path traversal vulnerabilities in public facing services on that
+machine.
+
+
+Detailed analysis
+-----------------
+
+buf.pl restores the scrollbuffer between "/upgrade"s by writing the
+contents to a file, and reading that after the new process was spawned.
+Through that file, the contents of (private) chat conversations may leak to
+other users.
+
+
+Mitigating facts
+----------------
+
+Careful users with a limited umask (e.g. 077) are not affected by this bug.
+However, most Linux systems default to a umask of 022, meaning that files
+written without further restricting the permissions, are readable by any
+user.
+
+
+Affected versions
+-----------------
+
+All up to 2.13
+
+
+Fixed versions
+--------------
+
+buf.pl 2.20 [2]
+
+
+Resolution
+----------
+
+Update the buf.pl script with the latest version from
+https://scripts.irssi.org
+
+
+References
+----------
+
+[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553
+[2] https://scripts.irssi.org/scripts/buf.pl
diff --git a/security/irssi_sa_2016.txt b/security/irssi_sa_2016.txt
index f784e8e..4b60040 100644
--- a/security/irssi_sa_2016.txt
+++ b/security/irssi_sa_2016.txt
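Review bot: In security/buf_pl_sa_2016.txt the Resolution section only tells users to update, yet the Impact section says the window-content dump "is never removed afterwards", so dumps written by earlier /UPGRADE runs presumably stay on disk with their old permissions after the script is replaced. The Resolution should name the file buf.pl writes and tell users to delete it or restrict its mode, for example `After updating, remove any existing dump at <path of the buf.pl dump file> or chmod it to 600.` The advisory never names that path, which also makes it hard for an administrator to check whether a host was exposed. Separately, "All up to 2.13" against a fix in 2.20 leaves any release in between unstated; `All versions before 2.20` would be unambiguous if that is what is meant.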
@@ -96,5 +96,6 @@ https://github.com/irssi/irssi/commit/295a4b77f07f14602eeaa371f00ddbf09910c82b References ---------- + [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044 [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045 -- cgit v1.2.3