Updated irssi packages fix security vulnerabilities
Publication date: 14 Jan 2017Modification date: 14 Jan 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-5193 , CVE-2017-5194 , CVE-2017-5195 , CVE-2017-5196 , CVE-2017-5356
Description
In irssi before 0.8.21, a NULL pointer dereference in the nickcmp
function (CVE-2017-5193).
In irssi before 0.8.21, use after free when receiving invalid nick
message (CVE-2017-5194).
In irssi before 0.8.21, out of bounds read in certain incomplete control
codes (CVE-2017-5195).
In irssi before 0.8.21, out of bounds read in certain incomplete
character sequences (CVE-2017-5196).
In irssi before 0.8.21, out of bounds read when printing certain values
(CVE-2017-5356).
References
- https://bugs.mageia.org/show_bug.cgi?id=20078
- https://irssi.org/security/irssi_sa_2017_01.txt
- https://irssi.org/2017/01/05/irssi-0.8.21-released/
- http://openwall.com/lists/oss-security/2017/01/13/2
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5193
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5194
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5195
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5196
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5356
SRPMS
5/core
- irssi-0.8.21-1.mga5