========================================================================== Ubuntu Security Notice USN-4594-1 October 20, 2020 quassel vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 18.04 LTS Summary: Quassel could be made to crash or run programs if it received specially crafted network traffic. Software Description: - quassel: distributed IRC client - monolithic core+client Details: It was discovered that Quassel incorrectly handled Qdatastream protocol. A remote attacker could possibly use this issue to execute arbitrary code. (CVE-2018-1000178) It was discovered that Quassel incorrectly handled certain login requests. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2018-1000179) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 18.04 LTS: quassel 1:0.12.4-3ubuntu1.18.04.3 quassel-core 1:0.12.4-3ubuntu1.18.04.3 In general, a standard system update will make all the necessary changes. References: https://usn.ubuntu.com/4594-1 CVE-2018-1000178, CVE-2018-1000179 Package Information: https://launchpad.net/ubuntu/+source/quassel/1:0.12.4-3ubuntu1.18.04.3