=========================================================== Ubuntu Security Notice USN-929-2 April 20, 2010 irssi regression https://launchpad.net/bugs/565182 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 8.04 LTS: irssi 0.8.12-3ubuntu3.3 Ubuntu 8.10: irssi 0.8.12-4ubuntu2.3 Ubuntu 9.04: irssi 0.8.12-6ubuntu1.3 Ubuntu 9.10: irssi 0.8.14-1ubuntu1.2 After a standard system upgrade you need to restart irssi to effect the necessary changes. Details follow: USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a regression when using irssi with SSL and an IRC proxy. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2010-1155) Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. (CVE-2010-1156) This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol. Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3.diff.gz Size/MD5: 28579 0aae65e919d93a4afdaf6e3ef2f25811 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3.dsc Size/MD5: 997 41e4f8fbd1ea2b5ac46b772a2d870791 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.3_amd64.deb Size/MD5: 271514 2f39315d67cfaadb370f7247a7423462 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3_amd64.deb Size/MD5: 1162050 82bbd9e8dda20ae6a206a1fd5e9d58e5 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.3_i386.deb Size/MD5: 271508 c5d4e95bbfbccb307bad2e276e71346d http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3_i386.deb Size/MD5: 1078826 16960c92a1a4f03b841e672253c6eb66 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.3_lpia.deb Size/MD5: 271514 235171086dc59e7d7d4d7fe80bef59e4 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3_lpia.deb Size/MD5: 1073104 84c8f6dc52d06120bfc8dbad9048d938 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.3_powerpc.deb Size/MD5: 271530 c1fde52be473a5a3dd37043c49b46835 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3_powerpc.deb Size/MD5: 1167998 8db4b3fbda07921925c0b1af6b2bbd7b sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.3_sparc.deb Size/MD5: 271524 3b9c94ba4051305441aced440c2f414b http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3_sparc.deb Size/MD5: 1103492 b14af4079863e6264dd422e9cfee85b6 Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3.diff.gz Size/MD5: 23388 d6438c5ab92e4e5bc906015d7d2df88c http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3.dsc Size/MD5: 1391 61a02c1b1ddcca3136ced650945396a8 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.3_amd64.deb Size/MD5: 272502 cb3b40575a281da047225cbc24f5f1d9 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3_amd64.deb Size/MD5: 1167386 1b4d93f3cf0e70284d43ca603c2608ec i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.3_i386.deb Size/MD5: 272512 be7340e970b815e90a53fc70053eaa7b http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3_i386.deb Size/MD5: 1084856 9be719c2e1970f81e9af98b1caf8e901 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.3_lpia.deb Size/MD5: 272496 c30a61b04cb089d549094b88382ae7e4 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3_lpia.deb Size/MD5: 1075632 52aa77f32b2fff3fc54cc20c5274ddb3 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.3_powerpc.deb Size/MD5: 272512 1f27a34b6eb0a4ad0f9a6aa46f3a4913 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3_powerpc.deb Size/MD5: 1165604 d1e7737a6f2082f4816d2de6d7406f53 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.3_sparc.deb Size/MD5: 272518 68a4883fd2f754276c3158f35aed2e6a http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3_sparc.deb Size/MD5: 1098202 89c968768d8cf1edbc6eaa2e5cfb7dbb Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3.diff.gz Size/MD5: 25260 5eae245c14716a4c1c4d1d42867004cd http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3.dsc Size/MD5: 1391 21778ad10c27b938c6ed2cfcfdaf1782 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.3_amd64.deb Size/MD5: 272914 6d22140ce3c39e3e21107a9ff4334710 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3_amd64.deb Size/MD5: 1168344 8e579d8d1c0f50fb0f5d9c0e2d9015b3 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.3_i386.deb Size/MD5: 272914 0775c3b7716c29538b3b8716dd6b1951 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3_i386.deb Size/MD5: 1086130 fa7400e267918f3ed556bc34dc54e2a2 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.3_lpia.deb Size/MD5: 272914 4c3a58c936ffc744e5862875fa75e712 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3_lpia.deb Size/MD5: 1076756 afee6c25ec29b4e6fb14a48318bf74e1 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.3_powerpc.deb Size/MD5: 272934 d041aec1f43c5d0841f5810723d7df1b http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3_powerpc.deb Size/MD5: 1166646 0018cca0d831d5e69fa41105c896da07 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.3_sparc.deb Size/MD5: 272928 cbdf2e1f763b916a51cf3091eb6c52cf http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3_sparc.deb Size/MD5: 1098676 9bf353740f4ada1bc9dc7e31d5e0216f Updated packages for Ubuntu 9.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2.diff.gz Size/MD5: 21960 d215484620343d46296d54e775fb872a http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2.dsc Size/MD5: 1391 e04e39359500551b8d19ceaf121b2a5d http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14.orig.tar.gz Size/MD5: 1356130 7d9437f53209a61af4fe4c9c5528ffa7 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.2_amd64.deb Size/MD5: 293044 c8d8bb7d5c66441b84d92ac8aa673b5b http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2_amd64.deb Size/MD5: 1171276 96929c614e10c32416e0d3322ec47fab i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.2_i386.deb Size/MD5: 293072 1d8be08ceb8b756a31930189542e2e24 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2_i386.deb Size/MD5: 1090056 9eda24d6a1f788aa2f41ce7add4bd1cd lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.2_lpia.deb Size/MD5: 293050 025897993b94336263a396b857c51915 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2_lpia.deb Size/MD5: 1088018 a14696301cb8323cafbcf780ba1da5be powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.2_powerpc.deb Size/MD5: 293080 0e657891095c4c63b86df8aeb2b26dbc http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2_powerpc.deb Size/MD5: 1154298 6378326ae7174d8a4580d8901261aca1 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.2_sparc.deb Size/MD5: 293080 f615ce757f47adae1d1d2fd02f9c9ffe http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2_sparc.deb Size/MD5: 1098308 8f6e2e7c0fd5ec0d5966fbf23d25686e