Bug 606496 (CVE-2016-2087, CVE-2016-2233) - <net-irc/hexchat-2.12.2: Multiple vulnerabilities
Summary: <net-irc/hexchat-2.12.2: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2016-2087, CVE-2016-2233
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B3 [noglsa cve]
Keywords:
Duplicates: 606410
Depends on:
Blocks:
 
Reported: 2017-01-19 10:25 UTC by Agostino Sarubbo
Modified: 2017-02-21 10:12 UTC

See Also:
Package list:
=net-irc/hexchat-2.12.4-r1
Runtime testing required: ---
stable-bot: sanity-check+


Description Agostino Sarubbo gentoo-dev 2017-01-19 10:25:08 UTC
From ${URL} :

Two vulnerabilities were found in hexchat 2.11.0 and before.

CVE-2016-2087:

Directory traversal vulnerability in the client in HexChat 2.11.0 allows remote IRC servers to read or modify arbitrary files via a .. (dot dot) in the server name.

CVE-2016-2233:

Stack-based buffer overflow in the inbound_cap_ls function in common/inbound.c in HexChat 2.10.2 allows remote IRC servers to cause a denial of service (crash) via a large number of options in a CAP LS message.

References:

https://www.exploit-db.com/exploits/39657/
https://www.exploit-db.com/exploits/39656/

Upstream references:
https://github.com/hexchat/hexchat/issues/1933
https://github.com/hexchat/hexchat/issues/1934



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Agostino Sarubbo gentoo-dev 2017-01-19 15:59:56 UTC
CVE-2016-2087 is fixed since 2.12.2
CVE-2016-2233 is fixed since 2.12.0

Please choose which version to stabilize and CC arches.
Comment 2 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2017-01-19 16:37:11 UTC
Arches please test and mark stable =net-irc/hexchat-2.12.4-r1 with target KEYWORDS:

alpha amd64 arm hppa ia64 ppc ppc64 sparc x86 ~amd64-linux
Comment 3 Agostino Sarubbo gentoo-dev 2017-01-19 17:06:56 UTC
amd64 stable
Comment 4 Agostino Sarubbo gentoo-dev 2017-01-19 17:07:33 UTC
x86 stable
Comment 5 Agostino Sarubbo gentoo-dev 2017-01-20 11:15:07 UTC
ppc64 stable
Comment 6 Tobias Klausmann (RETIRED) gentoo-dev 2017-01-21 11:44:15 UTC
Stable on alpha.
Comment 7 Agostino Sarubbo gentoo-dev 2017-01-21 20:38:25 UTC
ppc stable
Comment 8 Jeroen Roovers (RETIRED) gentoo-dev 2017-01-22 09:36:40 UTC
Stable for HPPA.
Comment 9 Agostino Sarubbo gentoo-dev 2017-01-22 16:33:21 UTC
sparc stable
Comment 10 Agostino Sarubbo gentoo-dev 2017-01-23 16:31:18 UTC
ia64 stable
Comment 11 Markus Meier gentoo-dev 2017-02-05 17:04:11 UTC
arm stable, all arches done.
Comment 12 Lars Wendler (Polynomial-C) (RETIRED) gentoo-dev 2017-02-05 17:29:15 UTC
commit 27ff1000382449f4d75ff876985ae4a3d6d4957e
Author: Lars Wendler <polynomial-c@gentoo.org>
Date:   Sun Feb 5 18:27:07 2017

    net-irc/hexchat: Security cleanup (bug #606496).

    Package-Manager: Portage-2.3.3, Repoman-2.3.1
Comment 13 Aaron Bauman (RETIRED) gentoo-dev 2017-02-05 22:33:17 UTC
PoCs are for DoS.

GLSA Vote: No
Comment 14 Pacho Ramos gentoo-dev 2017-02-21 10:12:24 UTC
*** Bug 606410 has been marked as a duplicate of this bug. ***