Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Fedora 24 Irssi Security Advisory: Critical Out Of Bounds Issues

fedora
Calendar Grey January 30, 2017
Scroller Fedora
Crucial security patches for irssi on Fedora address multiple vulnerabilities, including out-of-bounds memory access and null pointer dereference concerns.
This is an security update fixing CVE-2017-5193, CVE-2017-5194, CVE-2017-5195, CVE-2017-5196, CVE-2017-5356.

Summary

Irssi is a modular IRC client with Perl scripting. Only text-mode

frontend is currently supported. The GTK/GNOME frontend is no longer

being maintained.

Update Information:

This is an security update fixing CVE-2017-5193, CVE-2017-5194, CVE-2017-5195, CVE-2017-5196, CVE-2017-5356.

Change Log

References


[ 1 ] Bug #1410821 - CVE-2017-5193 irssi: Null pointer dereference in the nickcmp function https://bugzilla.redhat.com/show_bug.cgi?id=1410821 [ 2 ] Bug #1410824 - CVE-2017-5194 irssi: Null pointer dereference in the nickcmp function https://bugzilla.redhat.com/show_bug.cgi?id=1410824 [ 3 ] Bug #1410825 - CVE-2017-5195 irssi: Out of bounds read in certain incomplete control codes https://bugzilla.redhat.com/show_bug.cgi?id=1410825 [ 4 ] Bug #1410827 - CVE-2017-5196 irssi: Out of bounds read in certain incomplete character sequences https://bugzilla.redhat.com/show_bug.cgi?id=1410827 [ 5 ] Bug #1413890 - CVE-2017-5356 irssi: Out-of-bounds read in format string https://bugzilla.redhat.com/show_bug.cgi?id=1413890

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade irssi' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical
Lowest
Low
Medium
High
Critical

Name: irssi
Product: Fedora 24
Version: 0.8.21
Release: 1.fc24
Summary: Modular text mode IRC client with Perl scripting

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.