星球 - USN-3086-1: Irssi vulnerabilities

來自:Ubuntu security notices | 2016/9/24 4:42:54

Ubuntu Security Notice USN-3086-1


21st September, 2016


irssi vulnerabilities


A security issue affects these releases of Ubuntu and its
derivatives:




  • Ubuntu 16.04 LTS





Summary


Irssi could be made to crash if it received specially crafted network
traffic.





Software description





  • irssi
    - terminal based IRC client







Details


Gabriel Campana and Adrien Guinet discovered that the format parsing code
in Irssi did not properly verify 24bit color codes. A remote attacker could
use this to cause a denial of service (application crash). (CVE-2016-7044)



Gabriel Campana and Adrien Guinet discovered that a buffer overflow existed
in the format parsing code in Irssi. A remote attacker could use this to
cause a denial of service (application crash). (CVE-2016-7045)



Update instructions


The problem can be corrected by updating your system to the following
package version:




Ubuntu 16.04 LTS:




irssi

0.8.19-1ubuntu1.2






To update your system, please follow these instructions:
https://wiki.ubuntu.com/Security/Upgrades.


After a standard system update you need to restart Irssi to make
all the necessary changes.





References




CVE-2016-7044,

CVE-2016-7045