Advisories » MGASA-2016-0384

Updated irssi packages fix security vulnerability

Publication date: 17 Nov 2016
Modification date: 17 Nov 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-7553

Description

An information disclosure vulnerability was found in the buf.pl core
script for irssi. Other users on the same machine may be able to retrieve
the whole window contents after /UPGRADE when the buf.pl script is loaded.
Furthermore, this dump of the windows contents is never removed afterwards
(CVE-2016-7553).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19458
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3WUJ5QGF7IUNO3MJE76PYJHMHXYMAGNU/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7553

SRPMS

5/core

• irssi-0.8.20-1.mga5