Updated irssi packages fix security vulnerabilities
Publication date: 12 Jan 2018
Modification date: 12 Jan 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208
Description
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape codes. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service (CVE-2018-5205).

Joseph Bisch discovered that Irssi incorrectly handled setting the channel topic without specifying a sender. A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service (CVE-2018-5206).

Joseph Bisch discovered that Irssi incorrectly handled incomplete variable arguments. If a user were tricked into using malformed commands or opening malformed files, an attacker could use this issue to cause Irssi to crash, resulting in a denial of service (CVE-2018-5207).

Joseph Bisch discovered that Irssi incorrectly handled completing certain strings. An attacker could use this issue to cause Irssi to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2018-5208).
References
- https://bugs.mageia.org/show_bug.cgi?id=22328
- https://usn.ubuntu.com/usn/usn-3527-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208
SRPMS
5/core
- irssi-0.8.21-1.4.mga5
6/core
- irssi-1.0.6-1.mga6