Alerts This Week
Warning Icon 1 687
Alerts This Week
Warning Icon 1 687

Ubuntu 16.04: USN-3086-1 Critical: Irssi Crash Due To Malicious Traffic

Calendar Sep 21, 2016 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service Ubuntu network traffic application crash irssi
Irssi could be made to crash if it received specially crafted networktraffic. 
=========================================================================Ubuntu Security Notice USN-3086-1
September 21, 2016

irssi vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

Irssi could be made to crash if it received specially crafted network
traffic.

Software Description:
- irssi: terminal based IRC client

Details:

Gabriel Campana and Adrien Guinet discovered that the format parsing code
in Irssi did not properly verify 24bit color codes. A remote attacker could
use this to cause a denial of service (application crash). (CVE-2016-7044)

Gabriel Campana and Adrien Guinet discovered that a buffer overflow existed
in the format parsing code in Irssi. A remote attacker could use this to
cause a denial of service (application crash). (CVE-2016-7045)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS:
  irssi                           0.8.19-1ubuntu1.2

After a standard system update you need to restart Irssi to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-3086-1
  CVE-2016-7044, CVE-2016-7045

Package Information:
  https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu1.2

Ubuntu 16.04: USN-3086-1 Critical: Irssi Crash Due To Malicious Traffic

ubuntu
Calendar Grey September 21, 2016
Dist Ubuntu Esm H88
Potential security flaws in Irssi may result in application failures on Ubuntu 16.04. It is advisable to update to enhance system security.
Irssi could be made to crash if it received specially crafted networktraffic.

Summary

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu network traffic application crash irssi

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 16.04 LTS: irssi 0.8.19-1ubuntu1.2 After a standard system update you need to restart Irssi to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-3086-1

CVE-2016-7044, CVE-2016-7045

Severity
critical
Lowest
Low
Medium
High
Critical

September 21, 2016

Topics%20covered

Topics Covered

security advisory denial of service Ubuntu network traffic application crash irssi

Package Information

https://launchpad.net/ubuntu/+source/irssi/0.8.19-1ubuntu1.2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here