IRSSI-SA-2018-02 Irssi Security Advisory [1]
============================================
CVE-2018-7054, CVE-2018-7053, CVE-2018-7050, CVE-2018-7052, CVE-2018-7051

Description
-----------

Multiple vulnerabilities have been located in Irssi.

(a) Use after free when server is disconnected during netsplits.
    Found by Joseph Bisch. (CWE-416, CWE-825)

    CVE-2018-7054 [2] was assigned to this issue.

(b) Use after free when SASL messages are received in unexpected order.
    Found by Joseph Bisch. (CWE-416, CWE-691)

    CVE-2018-7053 [3] was assigned to this issue.

(c) Null pointer dereference when an "empty" nick has been observed by Irssi.
    Found by Joseph Bisch. (CWE-476, CWE-475)

    CVE-2018-7050 [4] was assigned to this issue.

(d) When the number of windows exceed the available space, Irssi would crash
    due to Null pointer dereference. Found by Joseph Bisch. (CWE-690)

    CVE-2018-7052 [5] was assigned to this issue.

(e) Certain nick names could result in out of bounds access when printing
    theme strings. Found by Oss-Fuzz. (CWE-126)

    CVE-2018-7051 [6] was assigned to this issue.

Affected versions
-----------------

(a) Irssi 1.0.0 and later
(b) Irssi 0.8.18 and later
(c) All Irssi versions that we observed
(d) All Irssi versions that we observed
(e) Irssi 0.8.7 and later

Fixed in
--------

Irssi 1.0.7, 1.1.1

Recommended action
------------------

Upgrade to the latest stable Irssi version. Irssi 1.0.7 and 1.1.1 are
maintenance release in the 1.0 and 1.1 series, without any new features.

After installing the updated packages, one can issue the /upgrade command
to load the new binary. TLS connections will require /reconnect.

Mitigating facts
----------------

(b) requires a non-conforming ircd
(c) requires a broken ircd or control over the ircd
(d) depends on non-default configuration

References
----------

[1] https://irssi.org/security/irssi_sa_2018_02.txt
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7054
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7053
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7050
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7052
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7051

-Gentoo Security Padawan-
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e3fa2f4174301b9b829a6022ed2e03431be7001

commit 0e3fa2f4174301b9b829a6022ed2e03431be7001
Author:     Patrice Clement <monsieurp@gentoo.org>
AuthorDate: 2018-02-16 10:17:16 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2018-02-16 10:27:51 +0000

    net-irc/irssi: version bump to 1.1.1.

    Bug: https://bugs.gentoo.org/647780
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-irc/irssi/Manifest           |  1 +
 net-irc/irssi/irssi-1.1.1.ebuild | 54 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bb882366765501a1e4663250310585b4d0033e4

commit 7bb882366765501a1e4663250310585b4d0033e4
Author:     Patrice Clement <monsieurp@gentoo.org>
AuthorDate: 2018-02-16 10:15:44 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2018-02-16 10:27:49 +0000

    net-irc/irssi: version bump to 1.0.7.

    Bug: https://bugs.gentoo.org/647780
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-irc/irssi/Manifest           |  1 +
 net-irc/irssi/irssi-1.0.7.ebuild | 54 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)
@arches, please stabilize.
amd64 stable
ia64 stable
x86 stable
Stable on alpha.
ppc64 stable
arm stable
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ec97b56ecdc86b54aab4694aae8c288159f99da

commit 5ec97b56ecdc86b54aab4694aae8c288159f99da
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-17 19:37:56 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-17 21:57:21 +0000

    net-irc/irssi: stable 1.0.7 for ppc, bug #647780

    Bug: https://bugs.gentoo.org/647780
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"

 net-irc/irssi/irssi-1.0.7.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
hppa stable
GLSA Vote: No
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2555e91977a0f54ff728eec396c64e3f9bf94b6

commit b2555e91977a0f54ff728eec396c64e3f9bf94b6
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-22 21:13:58 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-22 21:13:58 +0000

    net-irc/irssi: drop vulnerable

    Closes: https://bugs.gentoo.org/647780
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 net-irc/irssi/Manifest           |  4 ---
 net-irc/irssi/irssi-1.0.4.ebuild | 55 ----------------------------------------
 net-irc/irssi/irssi-1.0.5.ebuild | 54 ---------------------------------------
 net-irc/irssi/irssi-1.0.6.ebuild | 54 ---------------------------------------
 net-irc/irssi/irssi-1.1.0.ebuild | 54 ---------------------------------------
 5 files changed, 221 deletions(-)
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=125c9192cc85d003ac084ce88efa7a47eb15aa39

commit 125c9192cc85d003ac084ce88efa7a47eb15aa39
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-04-27 17:51:43 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-27 21:07:59 +0000

    net-irc/irssi: stable 1.0.7 for sparc

    Bug: https://bugs.gentoo.org/647780
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 net-irc/irssi/irssi-1.0.7.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)