Debian: DSA-1744-1: New weechat packages fix denial of service

    Date: 18 Mar 2009
    Category: Debian
    Posted By: LinuxSecurity Advisories
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1
    
    - --------------------------------------------------------------------------
    Debian Security Advisory DSA-1744-1
    http://www.debian.org/security/                                 Nico Golde
    March 18th, 2009                        http://www.debian.org/security/faq
    - --------------------------------------------------------------------------
    
    Package        : weechat
    Vulnerability  : missing input sanitization
    Problem type   : remote
    Debian-specific: no
    CVE ID         : CVE-2009-0661
    Debian Bug     : 519940
    BugTraq ID     : 34148
    
    
    Sebastien Helleu discovered that an error in the handling of color codes
    in the weechat IRC client could cause an out-of-bounds read of an internal
    color array. This can be used by an attacker to crash user clients
    via a crafted PRIVMSG command.
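
The bug class described above, shown as an added illustration (not WeeChat's source and not part of the original advisory): a color number parsed from message text is used as an index into a fixed-size table, so the lookup must reject values outside the table. The 16-entry palette, the two-digit `^C` color format and all function names are assumptions made for this sketch.

```c
#include <ctype.h>
#include <string.h>

/* Illustrative 16-entry palette (the common mIRC set); not WeeChat's table. */
#define NUM_COLORS 16
static const char *const color_names[NUM_COLORS] = {
    "white", "black", "blue", "green", "red", "brown", "purple", "orange",
    "yellow", "lightgreen", "cyan", "lightcyan", "lightblue", "pink",
    "gray", "lightgray"
};

/* Read up to two decimal digits at *p and advance *p; -1 if no digit. */
static int read_color_number(const char **p)
{
    int n = -1;
    for (int i = 0; i < 2 && isdigit((unsigned char)**p); i++, (*p)++)
        n = (n < 0 ? 0 : n * 10) + (**p - '0');
    return n;
}

/* Unchecked pattern (the bug class): two digits can encode 0..99 while the
 * table holds NUM_COLORS entries, so `return color_names[n];` alone reads
 * past the end of the array. Hardened lookup: validate the index first. */
static const char *color_lookup(int n)
{
    if (n < 0 || n >= NUM_COLORS)
        return "default";
    return color_names[n];
}

/* Decode the first ^C (0x03) color code in text. Sets *fg and *bg to color
 * names, "default" when absent or out of range. Returns 1 if a code exists. */
int decode_first_color(const char *text, const char **fg, const char **bg)
{
    const char *p = text;
    *fg = *bg = "default";
    while (*p && *p != '\003')
        p++;
    if (!*p)
        return 0;
    p++;
    *fg = color_lookup(read_color_number(&p));
    if (*p == ',' && isdigit((unsigned char)p[1])) {
        p++;
        *bg = color_lookup(read_color_number(&p));
    }
    return 1;
}
```
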
    
    
    The weechat version in the oldstable distribution (etch) is not affected
    by this problem.
    
    For the stable distribution (lenny), this problem has been fixed in
    version 0.2.6-1+lenny1.
    
    For the testing distribution (squeeze), this problem will be fixed soon.
    
    For the unstable distribution (sid), this problem has been fixed in
    version 0.2.6.1-1.
    
    
    We recommend that you upgrade your weechat packages.
    
    Upgrade instructions
    - --------------------
    
    wget url
            will fetch the file for you
    dpkg -i file.deb
            will install the referenced file.
    
    If you are using the apt-get package manager, use the line for
    sources.list as given below:
    
    apt-get update
            will update the internal database
    apt-get upgrade
            will install corrected packages
    
    You may use an automated update by adding the resources from the
    footer to the proper configuration.
    
    
    Debian GNU/Linux 5.0 alias lenny
    - --------------------------------
    
    Debian (stable)
    - ---------------
    
    Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
    
    
      These files will probably be moved into the stable distribution on
      its next update.
    
    - ---------------------------------------------------------------------------------
    For apt-get: deb http://security.debian.org/ stable/updates main
    For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
    Package info: `apt-cache show ' and http://packages.debian.org/
    