[arch-security] [ASA-201710-30] irssi: multiple issues
Arch Linux Security Advisory ASA-201710-30
==========================================

Severity: High
Date    : 2017-10-22
CVE-ID  : CVE-2017-15227 CVE-2017-15228 CVE-2017-15721 CVE-2017-15722
          CVE-2017-15723
Package : irssi
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-461

Summary
=======

The package irssi before version 1.0.5-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.

Resolution
==========

Upgrade to 1.0.5-1.

# pacman -Syu "irssi>=1.0.5-1"

The problems have been fixed upstream in version 1.0.5.

Workaround
==========

None.

Description
===========

- CVE-2017-15227 (arbitrary code execution)

While waiting for the channel synchronization, Irssi < 1.0.5 may
incorrectly fail to remove destroyed channels from the query list,
resulting in use-after-free conditions when updating the state later
on. To be exploited, this issue requires a broken IRCd or control over
the IRCd.

- CVE-2017-15228 (denial of service)

When installing themes with unterminated colour formatting sequences,
Irssi < 1.0.5 may access data beyond the end of the string.

- CVE-2017-15721 (denial of service)

Certain incorrectly formatted DCC CTCP messages could cause
NULL-pointer dereference in Irssi < 1.0.5. This is a separate, but
similar issue to CVE-2017-9468. To be exploited, this issue requires a
broken IRCd or control over the IRCd.

- CVE-2017-15722 (denial of service)

In certain cases Irssi may fail to verify that a Safe channel ID is
long enough, causing reads beyond the end of the string. To be
exploited, this issue requires a broken IRCd or control over the IRCd.

- CVE-2017-15723 (denial of service)

Overlong nicks or targets may result in a NULL-pointer dereference in
Irssi >= 0.8.17 and < 1.0.5 while splitting the message. Most IRC
servers typically have length limits in place that would prevent this
issue.

Impact
======

A remote attacker can cause a denial of service by sending crafted IRC
messages, or by tricking the user into installing a crafted theme. A
remote attacker in control of the IRCd to which the user is connected,
or in a man-in-the-middle position, might be able to execute arbitrary
code on the affected host.

References
==========

https://irssi.org/security/irssi_sa_2017_10.txt
https://github.com/irssi/irssi/commit/49ace3251b79a9e97c6e4d0bc640f9143dc71b...
https://github.com/irssi/irssi/commit/2edd816e7db13b4ac0b20df9bf7fe55ee77182...
https://github.com/irssi/irssi/commit/00c80cb6fcca40cfc421fe3fc181115ac49071...
https://github.com/irssi/irssi/commit/9f0dc4766c7aa80e34aa2cde94323fb49971ab...
https://github.com/irssi/irssi/commit/45dfe2ba3889c5dc23a9bea3214f158cc651a0...
https://github.com/irssi/irssi/commit/0840eaec7bf56740029aae614e393f8cf76f69...
https://security.archlinux.org/CVE-2017-15227
https://security.archlinux.org/CVE-2017-15228
https://security.archlinux.org/CVE-2017-15721
https://security.archlinux.org/CVE-2017-15722
https://security.archlinux.org/CVE-2017-15723
Remi Gacogne
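
The class of bug described for CVE-2017-15722 (a Safe channel ID assumed to be present and long enough) is shown below as an added example; it is not irssi's code and not part of the advisory. It assumes the RFC 2811 layout of a Safe channel name ('!' followed by a 5-character ID of A-Z or 0-9, then the short name); the function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SAFE_PREFIX '!'
#define SAFE_ID_LEN 5 /* RFC 2811: '!' + 5-character channel ID + short name */

/* "Before" pattern: skips the ID without checking it is there. For a name
 * such as "!AB" the result points past the terminating NUL, so any later
 * read through it is out of bounds. Shown for contrast; never called here. */
const char *visible_name_unchecked(const char *name)
{
    return name[0] == SAFE_PREFIX ? name + 1 + SAFE_ID_LEN : name;
}

/* Hardened pattern: returns the short name of a Safe channel, the name
 * itself for other channels, or NULL when the Safe channel ID is malformed. */
const char *visible_name_checked(const char *name)
{
    size_t i;

    if (name == NULL || name[0] == '\0')
        return NULL;
    if (name[0] != SAFE_PREFIX)
        return name;
    /* Each ID byte must be A-Z or 0-9; a NUL fails this test, so the loop
     * stops at the end of a short string instead of reading beyond it. */
    for (i = 1; i <= SAFE_ID_LEN; i++) {
        char c = name[i];
        if (!((c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')))
            return NULL;
    }
    /* Assumption of this example: an empty short name is also rejected. */
    return name[1 + SAFE_ID_LEN] != '\0' ? name + 1 + SAFE_ID_LEN : NULL;
}

int main(void)
{
    /* Constructed sample names, not taken from the advisory. */
    const char *samples[] = { "#archlinux", "!ABCDEchat", "!AB", "!ABCDE", "!" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        const char *v = visible_name_checked(samples[i]);
        printf("%-12s -> %s\n", samples[i], v ? v : "(rejected)");
    }
    return 0;
}
```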