Advisories » MGASA-2017-0185

Updated irssi packages fix security vulnerabilities

Publication date: 26 Jun 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-9468 , CVE-2017-9469

Description

It was discovered that Irssi incorrectly handled certain DCC messages.
A malicious IRC server could use this issue to cause Irssi to crash,
resulting in a denial of service (CVE-2017-9468).

Joseph Bisch discovered that Irssi incorrectly handled receiving
incorrectly quoted DCC files. A remote attacker could possibly use this
issue to cause Irssi to crash, resulting in a denial of service
(CVE-2017-9469).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21037
• https://www.ubuntu.com/usn/usn-3317-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9468
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9469

SRPMS

5/core

• irssi-0.8.21-1.1.mga5