From $URL: IRSSI-SA-2017-07 Irssi Security Advisory ============================================ CVE-2017-10965, CVE-2017-10966. Description ----------- Two vulnerabilities have been located in Irssi. (a) When receiving messages with invalid time stamps, Irssi would try to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter of Geeknik Labs. (CWE-690) CVE-2017-10965 [2] was assigned to this bug (b) While updating the internal nick list, Irssi may incorrectly use the GHashTable interface and free the nick while updating it. This will then result in use-after-free conditions on each access of the hash table. Found by Brian 'geeknik' Carpenter of Geeknik Labs. (CWE-416 caused by CWE-227) CVE-2017-10966 [3] was assigned to this bug Impact ------ (a) May result in denial of service (remote crash). (b) Undefined behaviour. Affected versions ----------------- All Irssi versions that we observed. Fixed in -------- Irssi 1.0.4 Recommended action ------------------ Upgrade to Irssi 1.0.4. Irssi 1.0.4 is a maintenance release in the 1.0 series, without any new features. After installing the updated packages, one can issue the /upgrade command to load the new binary. TLS connections will require /reconnect. Mitigating facts ---------------- (a) requires control over the ircd (b) should not happen with a conforming ircd Patch ----- https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206 384d291 References ---------- [1] https://irssi.org/security/irssi_sa_2017_07.txt [2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965 [3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966
commit d939b3f9445cd00df8426d136d035c650b466e12 (HEAD -> master, origin/master, origin/HEAD) Author: Patrice Clement <monsieurp@gentoo.org> AuthorDate: Fri Jul 7 15:13:57 2017 +0200 Commit: Patrice Clement <monsieurp@gentoo.org> CommitDate: Fri Jul 7 15:14:43 2017 +0200 net-irc/irssi: version bump. Gentoo-Bug: https://bugs.gentoo.org/624100 Package-Manager: Portage-2.3.6, Repoman-2.3.1 net-irc/irssi/Manifest | 1 + net-irc/irssi/irssi-1.0.4.ebuild | 55 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) create mode 100644 net-irc/irssi/irssi-1.0.4.ebuild
This bug report renders bug 624100 obsolete now.
(In reply to Patrice Clement from comment #1) > net-irc/irssi: version bump. Thank you for the version bump Patrice. Please call for stabilization once you feel it is sufficiently ready for it.
(In reply to Patrice Clement from comment #2) > This bug report renders bug 624100 obsolete now. Recursive loop?
(In reply to Kristian Fiskerstrand from comment #4) > (In reply to Patrice Clement from comment #2) > > This bug report renders bug 624100 obsolete now. > > Recursive loop? Uh.. my copy/paste skills are so bad :/ I meant to write bug 621188! :)
*** Bug 624982 has been marked as a duplicate of this bug. ***
ia64 stable
arm stable
amd64 stable
x86 stable
alpha stable
sparc was dropped to exp. https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b5901d8f716555a1479f12313a2925fcadd177a9
hppa stable
ppc64 stable
ppc stable
Security, Please proceed.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0556397f8153373c5a1b8b4716b6142fcb91e7e0 commit 0556397f8153373c5a1b8b4716b6142fcb91e7e0 Author: Patrice Clement <monsieurp@gentoo.org> AuthorDate: 2017-10-19 16:27:08 +0000 Commit: Patrice Clement <monsieurp@gentoo.org> CommitDate: 2017-10-19 16:27:29 +0000 net-irc/irssi: remove vulnerable versions. Bug: https://bugs.gentoo.org/624100 Package-Manager: Portage-2.3.8, Repoman-2.3.3 net-irc/irssi/Manifest | 3 -- net-irc/irssi/files/irssi-0.8.20-tinfo.patch | 21 -------- net-irc/irssi/irssi-0.8.21.ebuild | 72 ---------------------------- net-irc/irssi/irssi-1.0.2.ebuild | 60 ----------------------- net-irc/irssi/irssi-1.0.3.ebuild | 55 --------------------- 5 files changed, 211 deletions(-)}
GLSA Vote: No
