=========================================================== Ubuntu Security Notice USN-929-1 April 16, 2010 irssi vulnerabilities CVE-2010-1155, CVE-2010-1156 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: irssi 0.8.12-3ubuntu3.2 Ubuntu 8.10: irssi 0.8.12-4ubuntu2.2 Ubuntu 9.04: irssi 0.8.12-6ubuntu1.2 Ubuntu 9.10: irssi 0.8.14-1ubuntu1.1 After a standard system upgrade you need to restart irssi to effect the necessary changes. Details follow: It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2010-1155) Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. (CVE-2010-1156) This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.2.diff.gz Size/MD5: 28157 9e57c160ead8a8f142d1f5a43832bffc http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.2.dsc Size/MD5: 997 9f0486989f51939747bb1ebb06954a27 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.2_amd64.deb Size/MD5: 271404 2664da06403587d736c64f3898c79051 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.2_amd64.deb Size/MD5: 1161962 11312c219e59952d0206a1ed7d8553e9 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.2_i386.deb Size/MD5: 271416 0b59bc801928039d1d29c91b2782c8e9 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.2_i386.deb Size/MD5: 1078574 671dde03e0b04451ff3a892aa9a5cf6f lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.2_lpia.deb Size/MD5: 271406 54901decae93ac7e52dbbb15b5fc0f33 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.2_lpia.deb Size/MD5: 1072996 dd328dcfa7d15e9b53f7597aae3ea10e powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.2_powerpc.deb Size/MD5: 271442 fee46f9950eda248f0fe8c7e3790275b http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.2_powerpc.deb Size/MD5: 1167876 54e4578993515f2b51d885164d28103a sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.2_sparc.deb Size/MD5: 271448 915ace3ae584bcde4a22860aef20a929 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.2_sparc.deb Size/MD5: 1103464 ebf0a5d0f88876642df1d54199c00cb2 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.2.diff.gz Size/MD5: 22949 05b1027b8cbc7893794a86a1ce3c9477 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.2.dsc Size/MD5: 1391 c447723cf0848e4494b966a88a07ed6d http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.2_amd64.deb Size/MD5: 272438 5fe32ea72f73f8e69f0738632fb97a66 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.2_amd64.deb Size/MD5: 1167370 0274792126c82c923b446104a0786a99 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.2_i386.deb Size/MD5: 272432 136f63c9c9f91e785d9e1b7bdbda0252 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.2_i386.deb Size/MD5: 1084792 bc52dd214d16cefe050848baf968d7a5 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.2_lpia.deb Size/MD5: 272426 77755898ad90b14c5b152ac8dfa5010f http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.2_lpia.deb Size/MD5: 1075496 459ef8280bde35183d0e21d78d6a4606 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.2_powerpc.deb Size/MD5: 272444 5cf2f918096e94c73a89d27caccdb15a http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.2_powerpc.deb Size/MD5: 1165512 cf6f51526b9c12e76f8d55c28b55b696 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.2_sparc.deb Size/MD5: 272446 5717f7fbb9834883b20a445d044fd60b http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.2_sparc.deb Size/MD5: 1098222 8edff97bb03c513aa1d301454d63caaa Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.2.diff.gz Size/MD5: 24807 caae22ec37b9db5ade9c4b23215f6b82 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.2.dsc Size/MD5: 1391 960eaacca58feaaa6291c03f4faa8848 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.2_amd64.deb Size/MD5: 272834 6206f3ed4d7a95f4e6a78fb2dd71b742 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.2_amd64.deb Size/MD5: 1168224 ec603d2e45db6232b9c70c0425175a63 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.2_i386.deb Size/MD5: 272838 84a9b57d67e73e0f5153c417195b5895 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.2_i386.deb Size/MD5: 1085950 eb89e6913556df69492d55e6e85d650a lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.2_lpia.deb Size/MD5: 272822 ae2a9f697f3c05f6c8ec68eeff0fa1d1 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.2_lpia.deb Size/MD5: 1076648 c77d2166f9e67bbbed1ff1dac0bf840a powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.2_powerpc.deb Size/MD5: 272846 6a9798a074b66a3da167005c1b33ba9c http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.2_powerpc.deb Size/MD5: 1166560 5a7ed4e30436205b92696d40bd2cbe4c sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.2_sparc.deb Size/MD5: 272840 d3e2191b24c540c374615be95ce950ee http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.2_sparc.deb Size/MD5: 1098618 7978ca96b1a957bb4cef7d816b56950f Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.1.diff.gz Size/MD5: 21546 f4a8783034ccf63328c297664a47d3b3 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.1.dsc Size/MD5: 1391 7845487e0d0a1a5b186e626afd235ee3 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14.orig.tar.gz Size/MD5: 1356130 7d9437f53209a61af4fe4c9c5528ffa7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.1_amd64.deb Size/MD5: 292894 126864465b69816317fe43fe09b2ada6 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.1_amd64.deb Size/MD5: 1171216 e6b17e846b9abe48a80db10014d4186f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.1_i386.deb Size/MD5: 292922 362c22be48ab7bc8297f8c82e95ccb39 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.1_i386.deb Size/MD5: 1090006 992162b6d1b43ab6eb593bed99df191d lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.1_lpia.deb Size/MD5: 292906 f1317ff5f2ad9218fb837fff0b7f33be http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.1_lpia.deb Size/MD5: 1087934 1e1722ca6efaf3d2da61ecf2bc0a048c powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.1_powerpc.deb Size/MD5: 292926 65f49b5e355f8412b97cc0bd727f6a42 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.1_powerpc.deb Size/MD5: 1154230 d38cee976915374aa583b38d429ee7e5 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.1_sparc.deb Size/MD5: 292932 dcd75d80b3f2f33b3ad1a2462e7c674b http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.1_sparc.deb Size/MD5: 1098308 16a61331376a050d5c5882846399b3d1