Fedora 26: Moderate Irssi Buffer Overflow and Out-of-Bounds Read

Irssi is a modular IRC client with Perl scripting. Only text-mode

frontend is currently supported. The GTK/GNOME frontend is no longer

being maintained.

This is new version of irssi. It contains security fixes for CVE-2018-5205

CVE-2018-5206 CVE-2018-5207 CVE-2018-5208.

[ 1 ] Bug #1532624 - CVE-2018-5207 irssi: Out-of-bounds read when using an incomplete variable argument

https://bugzilla.redhat.com/show_bug.cgi?id=1532624

[ 2 ] Bug #1532622 - CVE-2018-5208 irssi: heap buffer overflow due to calculation error in the completion code

https://bugzilla.redhat.com/show_bug.cgi?id=1532622

[ 3 ] Bug #1532573 - CVE-2018-5205 irssi: Out-of-bounds read when using incomplete escape codes

https://bugzilla.redhat.com/show_bug.cgi?id=1532573

[ 4 ] Bug #1532569 - CVE-2018-5206 irssi: NULL pointer dereference when channel topic is set without specifying sender

https://bugzilla.redhat.com/show_bug.cgi?id=1532569

su -c 'dnf upgrade irssi' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org