Advisories ยป MGASA-2018-0069

Updated irssi packages fix security vulnerabilities

Publication date: 12 Jan 2018
Modification date: 12 Jan 2018
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2018-5205 , CVE-2018-5206 , CVE-2018-5207 , CVE-2018-5208

Description

Joseph Bisch discovered that Irssi incorrectly handled incomplete escape
codes. If a user were tricked into using malformed commands or opening
malformed files, an attacker could use this issue to cause Irssi to
crash, resulting in a denial of service (CVE-2018-5205).

Joseph Bisch discovered that Irssi incorrectly handled settings the
channel topic without specifying a sender. A malicious IRC server could
use this issue to cause Irssi to crash, resulting in a denial of service
(CVE-2018-5206).

Joseph Bisch discovered that Irssi incorrectly handled incomplete
variable arguments. If a user were tricked into using malformed commands
or opening malformed files, an attacker could use this issue to cause
Irssi to crash, resulting in a denial of service (CVE-2018-5207).

Joseph Bisch discovered that Irssi incorrectly handled completing
certain strings. An attacker could use this issue to cause Irssi to
crash, resulting in a denial of service, or possibly execute arbitrary
code (CVE-2018-5208).
                

References

SRPMS

5/core

6/core