==========================================================================
Ubuntu Security Notice USN-3465-1
October 26, 2017

irssi vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 17.10
- Ubuntu 17.04
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in Irssi.

Software Description:
- irssi: terminal based IRC client

Details:

Brian Carpenter discovered that Irssi incorrectly handled messages with
invalid time stamps. A malicious IRC server could use this issue to cause
Irssi to crash, resulting in a denial of service. (CVE-2017-10965)

Brian Carpenter discovered that Irssi incorrectly handled the internal nick
list. A malicious IRC server could use this issue to cause Irssi to crash,
resulting in a denial of service. (CVE-2017-10966)

Joseph Bisch discovered that Irssi incorrectly removed destroyed channels
from the query list. A malicious IRC server could use this issue to cause
Irssi to crash, resulting in a denial of service. (CVE-2017-15227)

Hanno Böck discovered that Irssi incorrectly handled themes. If a user were
tricked into using a malicious theme, an attacker could use this issue to
cause Irssi to crash, resulting in a denial of service. (CVE-2017-15228)

Joseph Bisch discovered that Irssi incorrectly handled certain DCC CTCP
messages. A malicious IRC server could use this issue to cause Irssi to
crash, resulting in a denial of service. (CVE-2017-15721)

Joseph Bisch discovered that Irssi incorrectly handled certain channel IDs.
A malicious IRC server could use this issue to cause Irssi to crash,
resulting in a denial of service. (CVE-2017-15722)

Joseph Bisch discovered that Irssi incorrectly handled certain long nicks
or targets. A malicious IRC server could use this issue to cause Irssi to
crash, resulting in a denial of service. (CVE-2017-15723)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  irssi 1.0.4-1ubuntu2.1

Ubuntu 17.04:
  irssi 0.8.20-2ubuntu2.2

Ubuntu 16.04 LTS:
  irssi 0.8.19-1ubuntu1.5

Ubuntu 14.04 LTS:
  irssi 0.8.15-5ubuntu3.3

After a standard system update you need to restart Irssi to make all the
necessary changes.

References:
  https://www.ubuntu.com/usn/usn-3465-1
  CVE-2017-10965, CVE-2017-10966, CVE-2017-15227, CVE-2017-15228,
  CVE-2017-15721, CVE-2017-15722, CVE-2017-15723

Package Information:
  https://launchpad.net/ubuntu/+source/irssi/1.0.4-1ubuntu2.1
  https://launchpad.net/ubuntu/+source/irssi/0.8.20-2ubuntu2.2
  https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu1.5
  https://launchpad.net/ubuntu/+source/irssi/0.8.15-5ubuntu3.3