Updated irssi packages fix security vulnerability
Publication date: 22 Feb 2018Type: security
Affected Mageia releases : 6
CVE: CVE-2018-7050 , CVE-2018-7051 , CVE-2018-7052 , CVE-2018-7053 , CVE-2018-7054
Description
Null pointer dereference when an "empty" nick has been observed by Irssi (CVE-2018-7050). Certain nick names could result in out of bounds access when printing theme strings (CVE-2018-7051). When the number of windows exceed the available space, Irssi would crash due to Null pointer dereference (CVE-2018-7052). Use after free when SASL messages are received in unexpected order (CVE-2018-7053). Use after free when server is disconnected during netsplits (CVE-2018-7054).
References
- https://bugs.mageia.org/show_bug.cgi?id=22609
- https://irssi.org/security/irssi_sa_2018_02.txt
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7050
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7051
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7052
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7053
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7054
SRPMS
6/core
- irssi-1.0.7-1.mga6