Updated irssi packages fix security vulnerabilities
Publication date: 12 Jan 2018
Modification date: 12 Jan 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2018-5205, CVE-2018-5206, CVE-2018-5207, CVE-2018-5208
Description
Joseph Bisch discovered that Irssi incorrectly handled incomplete escape
codes. If a user were tricked into using malformed commands or opening
malformed files, an attacker could use this issue to cause Irssi to
crash, resulting in a denial of service (CVE-2018-5205).
Joseph Bisch discovered that Irssi incorrectly handled setting the
channel topic without specifying a sender. A malicious IRC server could
use this issue to cause Irssi to crash, resulting in a denial of service
(CVE-2018-5206).
Joseph Bisch discovered that Irssi incorrectly handled incomplete
variable arguments. If a user were tricked into using malformed commands
or opening malformed files, an attacker could use this issue to cause
Irssi to crash, resulting in a denial of service (CVE-2018-5207).
Joseph Bisch discovered that Irssi incorrectly handled completing
certain strings. An attacker could use this issue to cause Irssi to
crash, resulting in a denial of service, or possibly execute arbitrary
code (CVE-2018-5208).
References
- https://bugs.mageia.org/show_bug.cgi?id=22328
- https://usn.ubuntu.com/usn/usn-3527-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5205
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5206
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5207
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5208
SRPMS
5/core
- irssi-0.8.21-1.4.mga5
6/core
- irssi-1.0.6-1.mga6