Ubuntu Security Notice 3590-1 - It was discovered that Irssi incorrectly handled certain empty nick names. An attacker could possibly use this issue to cause a denial of service. It was discovered that Irssi incorrectly handled certain nick names. An attacker could possibly use this to access sensitive information. It was discovered that Irssi incorrectly handled an increase in the number of windows. An attacker could possibly use this issue to cause a denial of service. Various other issues were also addressed.
0548e0f4b89dc7472e3ba7693481d4756872196117f9b9df068049b4f91aecb4
==========================================================================
Ubuntu Security Notice USN-3590-1
March 06, 2018
irssi vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 17.10
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Irssi.
Software Description:
- irssi: terminal based IRC client
Details:
It was discovered that Irssi incorrectly handled certain empty
nick names. An attacker could possibly use this issue to cause a denial
of service. (CVE-2018-7050)
It was discovered that Irssi incorrectly handled certain nick names.
An attacker could possibly use this to access sensitive information.
(CVE-2018-7051)
It was discovered that Irssi incorrectly handled an increase in the
number of windows. An attacker could possibly use this issue to cause
a denial of service. (CVE-2018-7052)
It was discovered that Irssi incorrectly handled certain messages.
An attacker could possibly use this issue to cause a denial of service
or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS
and Ubuntu 17.10. (CVE-2018-7053)
It was discovered that Irssi incorrectly handled certain
disconnections. An attacker could possibly use this to cause a denial
of service or execute arbitrary code. This issue only affected Ubuntu
17.10. (CVE-2018-7054)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
irssi 1.0.4-1ubuntu2.3
Ubuntu 16.04 LTS:
irssi 0.8.19-1ubuntu1.7
Ubuntu 14.04 LTS:
irssi 0.8.15-5ubuntu3.5
After a standard system update you need to restart Irssi to make all
the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3590-1
CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053,
CVE-2018-7054, CVE-2018-7073
Package Information:
https://launchpad.net/ubuntu/+source/irssi/1.0.4-1ubuntu2.3
https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu1.7
https://launchpad.net/ubuntu/+source/irssi/0.8.15-5ubuntu3.5