Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 647780 (CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054) - <net-irc/irssi-{1.0.7,1.1.1}: Multiple vulnerabilities
Summary: <net-irc/irssi-{1.0.7,1.1.1}: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://irssi.org/security/irssi_sa_2...
Whiteboard: B3 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-02-15 21:24 UTC by Demetris Nakos (sokan)
Modified: 2018-04-27 21:08 UTC (History)
3 users (show)

See Also:
Package list:
=net-irc/irssi-1.0.7
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Demetris Nakos (sokan) 2018-02-15 21:24:02 UTC
IRSSI-SA-2018-02 Irssi Security Advisory [1]
============================================
CVE-2018-7054, CVE-2018-7053, CVE-2018-7050, CVE-2018-7052, CVE-2018-7051

Description
-----------

Multiple vulnerabilities have been located in Irssi.

(a) Use after free when server is disconnected during netsplits. Found
    by Joseph Bisch. (CWE-416, CWE-825)

    CVE-2018-7054 [2] was assigned to this issue.

(b) Use after free when SASL messages are received in unexpected order.
    Found by Joseph Bisch. (CWE-416, CWE-691)

    CVE-2018-7053 [3] was assigned to this issue.

(c) Null pointer dereference when an "empty" nick has been observed by
    Irssi. Found by Joseph Bisch. (CWE-476, CWE-475)

    CVE-2018-7050 [4] was assigned to this issue.

(d) When the number of windows exceed the available space, Irssi would
    crash due to Null pointer dereference. Found by Joseph Bisch.
    (CWE-690)

    CVE-2018-7052 [5] was assigned to this issue.

(e) Certain nick names could result in out of bounds access when
    printing theme strings. Found by Oss-Fuzz. (CWE-126)

    CVE-2018-7051 [6] was assigned to this issue.


Affected versions
-----------------

(a) Irssi 1.0.0 and later

(b) Irssi 0.8.18 and later

(c) All Irssi versions that we observed

(d) All Irssi versions that we observed

(e) Irssi 0.8.7 and later


Fixed in
--------

Irssi 1.0.7, 1.1.1


Recommended action
------------------

Upgrade to the latest stable Irssi version. Irssi 1.0.7 and 1.1.1 are
maintenance release in the 1.0 and 1.1 series, without any new features.

After installing the updated packages, one can issue the /upgrade
command to load the new binary. TLS connections will require /reconnect.


Mitigating facts
----------------

(b) requires a non-conforming ircd

(c) requires a broken ircd or control over the ircd

(d) depends on non-default configuration



References
----------

[1] https://irssi.org/security/irssi_sa_2018_02.txt
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7054
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7053
[4] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7050
[5] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7052
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7051


-Gentoo Security Padawan-
Comment 1 Larry the Git Cow gentoo-dev 2018-02-16 10:27:57 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0e3fa2f4174301b9b829a6022ed2e03431be7001

commit 0e3fa2f4174301b9b829a6022ed2e03431be7001
Author:     Patrice Clement <monsieurp@gentoo.org>
AuthorDate: 2018-02-16 10:17:16 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2018-02-16 10:27:51 +0000

    net-irc/irssi: version bump to 1.1.1.
    
    Bug: https://bugs.gentoo.org/647780
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-irc/irssi/Manifest           |  1 +
 net-irc/irssi/irssi-1.1.1.ebuild | 54 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7bb882366765501a1e4663250310585b4d0033e4

commit 7bb882366765501a1e4663250310585b4d0033e4
Author:     Patrice Clement <monsieurp@gentoo.org>
AuthorDate: 2018-02-16 10:15:44 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2018-02-16 10:27:49 +0000

    net-irc/irssi: version bump to 1.0.7.
    
    Bug: https://bugs.gentoo.org/647780
    Package-Manager: Portage-2.3.19, Repoman-2.3.6

 net-irc/irssi/Manifest           |  1 +
 net-irc/irssi/irssi-1.0.7.ebuild | 54 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 55 insertions(+)}
Comment 2 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-03-22 23:32:42 UTC
@arches, please stabilize.
Comment 3 Agostino Sarubbo gentoo-dev 2018-03-23 10:28:19 UTC
amd64 stable
Comment 4 Sergei Trofimovich gentoo-dev 2018-03-24 11:19:33 UTC
ia64 stable
Comment 5 Thomas Deutschmann gentoo-dev Security 2018-03-25 22:44:33 UTC
x86 stable
Comment 6 Tobias Klausmann gentoo-dev 2018-03-31 15:39:48 UTC
Stable on alpha.
Comment 7 Sergei Trofimovich gentoo-dev 2018-03-31 20:00:40 UTC
ppc64 stable
Comment 8 Markus Meier gentoo-dev 2018-04-08 10:52:45 UTC
arm stable
Comment 9 Larry the Git Cow gentoo-dev 2018-04-17 21:57:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5ec97b56ecdc86b54aab4694aae8c288159f99da

commit 5ec97b56ecdc86b54aab4694aae8c288159f99da
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-04-17 19:37:56 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-17 21:57:21 +0000

    net-irc/irssi: stable 1.0.7 for ppc, bug #647780
    
    Bug: https://bugs.gentoo.org/647780
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"

 net-irc/irssi/irssi-1.0.7.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}
Comment 10 Matt Turner gentoo-dev 2018-04-22 20:19:46 UTC
hppa stable
Comment 11 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2018-04-22 21:13:51 UTC
GLSA Vote: No
Comment 12 Larry the Git Cow gentoo-dev 2018-04-22 21:14:09 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b2555e91977a0f54ff728eec396c64e3f9bf94b6

commit b2555e91977a0f54ff728eec396c64e3f9bf94b6
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-22 21:13:58 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-22 21:13:58 +0000

    net-irc/irssi: drop vulnerable
    
    Closes: https://bugs.gentoo.org/647780
    Package-Manager: Portage-2.3.31, Repoman-2.3.9

 net-irc/irssi/Manifest           |  4 ---
 net-irc/irssi/irssi-1.0.4.ebuild | 55 ----------------------------------------
 net-irc/irssi/irssi-1.0.5.ebuild | 54 ---------------------------------------
 net-irc/irssi/irssi-1.0.6.ebuild | 54 ---------------------------------------
 net-irc/irssi/irssi-1.1.0.ebuild | 54 ---------------------------------------
 5 files changed, 221 deletions(-)
Comment 13 Larry the Git Cow gentoo-dev 2018-04-27 21:08:15 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=125c9192cc85d003ac084ce88efa7a47eb15aa39

commit 125c9192cc85d003ac084ce88efa7a47eb15aa39
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-04-27 17:51:43 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-27 21:07:59 +0000

    net-irc/irssi: stable 1.0.7 for sparc
    
    Bug: https://bugs.gentoo.org/647780
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 net-irc/irssi/irssi-1.0.7.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)}