Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 14 articles for you...
89
security advisorysoftware updateFedoraFedora 37: FEDORA-2022-88252e4f80 Moderate: Weechat 3.6 Update
- add command "/item" to create custom bar items - add bar item "spacer" - add case conversion in evaluation of expressions with "lower:string" and "upper:string" - move detailed list of hooks from command "/plugin listfull" to "/debug hooks " - allow to remove multiple filters at once with command "/filter del" - allow to catch multiple signals in functions hook_signal and hook_hsignal. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-88252e4f80 2022-11-10 22:04:44.627319 --------------------------------------------------------------------------------Name : weechat Product : Fedora 37 Version : 3.6 Release : 1.fc37 URL : https://weechat.org/ Summary : Portable, fast, light and extensible IRC client Description : WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts. --------------------------------------------------------------------------------Update Information: - add command "/item" to create custom bar items - add bar item "spacer" - add case conversion in evaluation of expressions with "lower:string" and "upper:string" - move detailed list of hooks from command "/plugin listfull" to "/debug hooks " - allow to remove multiple filters at once with command "/filter del" - allow to catch multiple signals in functions hook_signal and hook_hsignal - rename option "save" to "apply" in IRC command "/autojoin" - add support of RPL_HELPSTART, RPL_HELPTXT and RPL_ENDOFHELP (IRC messages 524, 704, 705, 706) -add support of PHP 8.2 - many bugs fixed. --------------------------------------------------------------------------------ChangeLog: * Wed Oct 5 2022 Michel Alexandre Salim 3.6-1 - Update to 3.6 --------------------------------------------------------------------------------References: [ 1 ] Bug #2063856 - weechat: SSL verification vulnerability[epel-all] https://bugzilla.redhat.com/show_bug.cgi?id=2063856 [ 2 ] Bug #2128160 - New version of weechat available 3.6 https://bugzilla.redhat.com/show_bug.cgi?id=2128160 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-88252e4f80' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Nov 10, 2022
Fedora
89
security advisorymoderatesoftware updateFedora 36: Important Update FEDORA-2023-6cfd180f94 for VLC Media Player
Update to new upstream version.. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2022-127b6e8a95 2022-06-01 01:25:20.629804 --------------------------------------------------------------------------------Name : weechat Product : Fedora 35 Version : 3.5 Release : 2.fc35 URL : https://weechat.org/ Summary : Portable, fast, light and extensible IRC client Description : WeeChat (Wee Enhanced Environment for Chat) is a portable, fast, light and extensible IRC client. Everything can be done with a keyboard. It is customizable and extensible with scripts. --------------------------------------------------------------------------------Update Information: Update to new upstream version. --------------------------------------------------------------------------------ChangeLog: * Sun May 22 2022 Paul Komkoff 3.5-2 - Update to new upstream version 3.5 * Sun May 22 2022 Paul Komkoff 3.5-1 - Update to new upstream version 3.5 * Wed Jan 26 2022 Mamoru TASAKA 3.4-8 - F-36: rebuild against ruby31 * Sat Jan 22 2022 Fedora Release Engineering 3.4-7 - Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild --------------------------------------------------------------------------------References: [ 1 ] Bug #2063588 - weechat-3.5 is available https://bugzilla.redhat.com/show_bug.cgi?id=2063588 [ 2 ] Bug #2063855 - weechat: SSL verification vulnerability [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2063855 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-127b6e8a95' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the FedoraProject can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
May 31, 2022
•Important
Fedora
202
security advisorymoderatesoftware updateopenSUSE: 2022:0083-1 Moderate: Weechat Crash Issue Fix
An update that fixes one vulnerability is now available. . openSUSE Security Update: Security update for weechat ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0083-1 Rating: moderate References: #1190206 Cross-References: CVE-2021-40516 Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for weechat fixes the following issues: update to 3.2.1: * CVE-2021-40516: relay: fix crash when decoding a malformed websocket frame (boo#1190206) update to 3.2 main changes: * use XDG directories by default (config, data, cache, runtime) * add support of IRC SASL mechanisms SCRAM-SHA-1, SCRAM-SHA-256 and SCRAM-SHA-512 * automatically load system certificates without giving a hardcoded path to the file with certificates * add options to customize commands executed on system signals received (SIGHUP, SIGQUIT, SIGTERM, SIGUSR1, SIGUSR2) * add bar item "tls_version" and buflist format * add signals "cursor_start" and "cursor_end" * add function crypto_hmac in API * add translated string in evaluation of expressions with "translate:xxx" * add info "weechat_daemon" * add Python stub for WeeChat API * add variables "${tg_shell_argc}" and "${tg_shell_argvN}" in command trigger evaluated strings * many bugs fixed. for all changes, please visit: https://weechat.org/files/changelog/ChangeLog-3.2.html update to 3.1 New features * core: add options weechat.look.hotlist_update_on_buffer_switch and weechat.look.read_marker_update_on_buffer_switch (issue #992, issue #993) * core: add option sec.crypt.passphrase_command to read passphrase from an external program on startup, remove option sec.crypt.passphrase_file (issue #141) * core: improve debug in command /eval: display more verbose debug with two "-d", add indentation and colors * core: add options "setvar" and "delvar" in command /buffer, rename option "localvar" to "listvar" * core: add buffer local variable "completion_default_template" (evaluated) to override the value of option "weechat.completion.default_template" (issue #1600) * core: add option "recreate" in command /filter * core: add raw string in evaluation of expressions with "raw:xxx" (issue #1611) * core: add evaluation of conditions in evaluation of expressions with "eval_cond:xxx" (issue #1582) * api: add info_hashtable "secured_data" * irc: add info "irc_is_message_ignored" * irc: add server option "default_chantypes", used when the server does not send them in message 005 (issue #1610) * trigger: add variable "${tg_trigger_name}" in command trigger evaluated strings (issue #1580) - Bug fixes * core: fix quoted line in cursor mode (issue #1602) * core: fix wrong size of the new window after vertical split (issue #1612) * core: do not remove quotes in arguments of command /eval as they can be part of the evaluated expression/condition (issue #1601) * core: display an error when the buffer is not found with command /command -buffer * buflist: add option buflist.look.use_items to speed up display of buflist (issue #1613) * irc: add bar item "irc_nick_prefix" * irc: fix separator between nick and host in bar item "irc_nick_host" * irc: fix completion of commands /halfop and /dehalfop - Documentation * do not build weechat-headless man page if headless binary is disabled (issue #1607) update to 3.0.1: * exec: fix search of command by identifier * spell: fix refresh of bar item "spell_suggest" when the input becomes empty (issue #1586) * spell: fix crash with IRCcolor codes in command line (issue #1589) update to 3.0 New features * api: add optional list of colors in infos "nick_color" and "nick_color_name" (issue #1565) * api: add argument "bytes" in function string_dyn_concat * api: add function string_color_code_size (issue #1547) * exec: add option "-oerr" to send stderr to buffer (now disabled by default) (issue #1566) * fset: add option fset.look.auto_refresh (issue #1553) * irc: add pointer to irc_nick in focus of bar item "buffer_nicklist" (issue #1535, issue #1538) * irc: allow to send text on buffers with commands /allchan, /allpv and /allserv * irc: evaluate command executed by commands /allchan, /allpv and /allserv (issue #1536) * script: add option script.scripts.download_enabled (issue #1548) * trigger: add variable "tg_argc" in data set by command trigger (issue #1576) * trigger: add variable "tg_trigger_name" in data set by all triggers (issue #1567, issue #1568) Bug fixes * core: set "notify_level" to 3 if there is a highlight in the line (issue #1529) * core: do not add line with highlight and tag "notify_none" to hotlist (issue #1529) * irc: remove SASL timeout message displayed by error after successful SASL authentication (issue #1515) * irc: send all channels in a single JOIN command when reconnecting to the server (issue #1551) * script: do not automatically download list of scripts on startup if the file is too old (issue #1548) * spell: properly skip WeeChat and IRC color codes when checking words in input (issue #1547) * trigger: fix recursive calls to triggers using regex (issue #1546) * trigger: add ${tg_tags} !!- ,notify_none, in conditions of default trigger "beep" (issue #1529) - Tests * core: add tests on GUI line functions - Build * core: disable debug by default in autotools build * tests: fix compilation withCppUTest ??? 4.0 - new .desktop file from weechat sources - update to 2.9 - New features * core: add bar option "color_bg_inactive": color for window bars in inactive window (issue #732) * core: add Alacritty title escape sequence support (issue #1517) * core: display notify level for current buffer with command /buffer notify (issue #1505) * core: count only visible nicks in bar item "buffer_nicklist_count", add bar items "buffer_nicklist_count_groups" and "buffer_nicklist_count_all" (issue #1506) * core: set default size for input bar to 0 (automatic) (issue #1498) * core: add default key Alt+Enter to insert a newline (issue #1498) * core: add flag "input_multiline" in buffer (issue #984, issue #1063) * core: add a scalable WeeChat logo (SVG) (issue #1454, issue #1456) * core: add base 16/32/64 encoding/decoding in evaluation of expressions with "base_encode:base,xxx" and "base_decode:base,xxx" * core: add case sensitive wildcard matching comparison operator (==* and !!*) and case sensitive/insensitive include comparison operators (==-, !!-, =-, !-) in evaluation of expressions * core: add default key Alt+Shift+N to toggle nicklist bar * core: add command line option "--stdout" in weechat-headless binary to log to stdout rather than ~/.weechat/weechat.log (issue #1475, issue #1477) * core: reload configuration files on SIGHUP (issue #1476) * api: add pointer "_bar_window" in hashtable sent to hook focus callback (issue #1450) * api: add info_hashtable "focus_info" (issue #1245, issue #1257) * api: rename function hook_completion_get_string to completion_get_string and hook_completion_list_add to completion_list_add * api: add functions completion_new, completion_search and completion_free * api: add hdata "completion_word" * buflist: add default key Alt+Shift+B to toggle buflist * buflist: add optionsenable/disable/toggle in command /buflist * buflist: evaluate option buflist.look.sort so that sort can be customized for each of the three buflist bar items (issue #1465) * irc: add support of UTF8MAPPING (issue #1528) * irc: display account messages in buffers (issue #1250) * python: add WeeChat sharedir python directory to PYTHONPATH (issue #1537) * relay: increase default limits for IRC backlog options * relay: add command "handshake" in weechat relay protocol and nonce to prevent replay attacks, add options relay.network.password_hash_algo, relay.network.password_hash_iterations, relay.network.nonce_size (issue #1474) * relay: add command "completion" in weechat relay protocol to perform a completion on a string at a given position (issue #1484) * relay: add option relay.network.auth_timeout * relay: update default colors for client status * relay: add status "waiting_auth" in irc and weechat protocols (issue #1358) * trigger: evaluate arguments of command when the trigger is created (issue #1472) - Bug fixes * core: fix command /window scroll_beyond_end when buffer has fewer lines than chat height (issue #1509) * core: force buffer property "time_for_each_line" to 0 for buffers with free content (issue #1485) * core: don???t collapse consecutive newlines in lines displayed before the first buffer is created * core: don???t remove consecutive newlines when pasting text (issue #1500) * core: don???t collapse consecutive newlines in bar content (issue #1500) * core: fix WEECHAT_SHAREDIR with CMake build (issue #1461) * core: fix memory leak in calculation of expression on FreeBSD (issue #1469) * core: fix resize of a bar when its size is 0 (automatic) (issue #1470) * api: fix use of pointer after free in function key_unbind * api: replace plugin and buffer name by buffer pointer in argument "modifier_data" sent to weechat_print modifier callback (issue #42) * buflist: add "window" pointer in bar item evaluation only if it???s not NULL (if bar type is "window") * exec: fix use of same task id for different tasks (issue #1491) * fifo: fix errors when writing in the FIFO pipe (issue #713) * guile: enable again /guile eval (issue #1514) * irc: use new default chantypes "#&" when the server does not send it * irc: add support of optional server in info "irc_is_nick", fix check of nick using UTF8MAPPING isupport value (issue #1528) * irc: fix add of ignore with flags in regex, display full ignore mask in list of ignores (issue #1518) * irc: do not remove spaces at the end of users messages received (issue #1513) * irc: fix realname delimiter color in WHO/WHOX response (issue #1497) * irc: reuse a buffer with wrong type "channel" when a private message is received (issue #869) * python: fix crash when invalid UTF-8 string is in a WeeChat hashtable converted to a Python dict (issue #1463) * relay: add missing field "notify_level" in message "_buffer_line_added" (issue #1529) * relay: fix slow send of data to clients when SSL is enabled * trigger: only return trigger???s return code when condition evaluates to true (issue #592) * trigger: fix truncated trigger command with commands /trigger input|output|recreate * trigger: do not hide values of options with /set command in cmd_pass trigger - Documentation * add includes directory * merge 53 auto-generated files into 11 files * fix broken literal blocks in Japanese docs with Firefox (issue #1466) - Tests * core: add CI with GitHub Actions, move codecov.io upload to GitHub Actions * core: switch to Ubuntu Bionic on Travis CI, use pylint3 to lint Python scripts * core: run tests on plugins only if the plugins are enabled and compiled * irc: add tests on IRCcolor and channel functions - Build * javascript: disable build by default and remove Debian packaging of JavaScript plugin (issue #360) * core: make GnuTLS a required dependency * core: fix build with CMake 3.17.0 * core: fix build with cygport on Cygwin Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP3: zypper in -t patch openSUSE-2022-83=1 Package List: - openSUSE Backports SLE-15-SP3 (aarch64 i586 ppc64le s390x x86_64): weechat-3.2.1-bp153.2.3.1 weechat-devel-3.2.1-bp153.2.3.1 weechat-lua-3.2.1-bp153.2.3.1 weechat-perl-3.2.1-bp153.2.3.1 weechat-python-3.2.1-bp153.2.3.1 weechat-ruby-3.2.1-bp153.2.3.1 weechat-spell-3.2.1-bp153.2.3.1 weechat-tcl-3.2.1-bp153.2.3.1 - openSUSE Backports SLE-15-SP3 (noarch): weechat-lang-3.2.1-bp153.2.3.1 References: https://www.suse.com/security/cve/CVE-2021-40516.html https://bugzilla.suse.com/1190206 . openSUSE has released a Security Update for Weechat to address moderate vulnerability CVE-2021-40516 in the application.. openSUSE Security Update, Weechat Crash Fix, Linux Software Patch. . LinuxSecurity.com Team
Mar 18, 2022
OpenSUSE
203
security advisorymoderate severityweechatMageia 8 MGASA-2021-0466 Moderate: Weechat WebSocket Crash Issue
A crafted WebSocket frame could result in a crash in the weechat Relay plugin. References: - https://bugs.mageia.org/show_bug.cgi?id=29513 - https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html . MGASA-2021-0466 - Updated weechat packages fix security vulnerability Publication date: 06 Oct 2021 URL: https://advisories.mageia.org/MGASA-2021-0466.html Type: security Affected Mageia releases: 8 CVE: CVE-2021-40516 A crafted WebSocket frame could result in a crash in the weechat Relay plugin. References: - https://bugs.mageia.org/show_bug.cgi?id=29513 - https://lists.debian.org/debian-lts-announce/2021/09/msg00018.html - https://www.cve.org/CVERecord?id=CVE-2021-40516 SRPMS: - 8/core/weechat-3.0-1.1.mga8 . MGASA-2021-0467 releases a patch for weechat, enhancing stability by fixing vulnerabilities linked to the Relay module, preventing possible crashes.. Weechat Update, Mageia Security, WebSocket Issue. . LinuxSecurity.com Team
Oct 06, 2021
Mageia
197
security advisorycriticalsoftware updateDebian 9: DLA-2770-1 Critical: WeeChat Crash And Stability Fixes
Several vulnerabilities were fixed in the chat client WeeChat. CVE-2020-8955 . - ------------------------------------------------------------------------- Debian LTS Advisory DLA-2770-1
Sep 30, 2021
•Critical
Debian LTS
203
security advisorysecurity issuebuffer overflowMageia 7: 2020-0153 Moderate: Weechat NULL Pointer & Buffer Overflow
Updated weechat packages fix security vulnerabilities: An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash . MGASA-2020-0153 - Updated weechat packages fix security vulnerabilities Publication date: 02 Apr 2020 URL: https://advisories.mageia.org/MGASA-2020-0153.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-9759, CVE-2020-9760 Updated weechat packages fix security vulnerabilities: An issue was discovered in WeeChat before 2.7.1 (0.4.0 to 2.7 are affected). A malformed message 352 (who) can cause a NULL pointer dereference in the callback function, resulting in a crash (CVE-2020-9759). An issue was discovered in WeeChat before 2.7.1 (0.3.4 to 2.7 are affected). When a new IRC message 005 is received with longer nick prefixes, a buffer overflow and possibly a crash can happen when a new mode is set for a nick (CVE-2020-9760). References: - https://bugs.mageia.org/show_bug.cgi?id=26400 - https://lists.debian.org/debian-lts-announce/2020/03/msg00031.html - https://www.cve.org/CVERecord?id=CVE-2020-9759 - https://www.cve.org/CVERecord?id=CVE-2020-9760 SRPMS: - 7/core/weechat-2.7.1-1.mga7 . Recent Mageia updates for weechat packages tackle critical crashes and bolster security, with patches addressing vulnerabilities for a safer, stable experience and improved performance.. WeeChat Security Update, Mageia Vulnerability Fix, Weechat Buffer Overflow, Mageia Security Advisory. . LinuxSecurity.com Team
Apr 02, 2020
Mageia
197
security advisorydenial of servicebuffer overflowDebian 8: DLA-2157-1 Critical: Weechat Buffer Overflow Risk
Several issues have been found in weechat, a fast, light and extensible chat client. All issues are about crafted messages, that could result in . Package : weechat Version : 1.0.1-1+deb8u3 CVE ID : CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 Several issues have been found in weechat, a fast, light and extensible chat client. All issues are about crafted messages, that could result in a buffer overflow and application crash. This could cause a denial of service or possibly have other impact. For Debian 8 "Jessie", these problems have been fixed in version 1.0.1-1+deb8u3. We recommend that you upgrade your weechat packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS . Enhance weechat to rectify critical crafted message vulnerabilities resulting in buffer overflow and potential service disruption.. Weechat Update, Debian Security, Buffer Overflow Fix. . Severity: Critical. LinuxSecurity.com Team
Mar 24, 2020
•Critical
Debian LTS
203
security advisorydenial of serviceupdateMageia: 2020-0122 Security Update For Weechat Denial Of Service Issue
Updated weechat packages fix security vulnerability: irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other . MGASA-2020-0122 - Updated weechat packages fix security vulnerability Publication date: 06 Mar 2020 URL: https://advisories.mageia.org/MGASA-2020-0122.html Type: security Affected Mageia releases: 7 CVE: CVE-2020-8955 Updated weechat packages fix security vulnerability: irc_mode_channel_update in plugins/irc/irc-mode.c in WeeChat through 2.7 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a malformed IRC message 324 (channel mode)(CVE-2020-8955). References: - https://bugs.mageia.org/show_bug.cgi?id=26267 - - https://www.cve.org/CVERecord?id=CVE-2020-8955 SRPMS: - 7/core/weechat-2.4-2.1.mga7 . WeeChat components refreshed to address security flaws associated with a memory overflow and service disruption vulnerability.. WeeChat Security Update, Mageia Vulnerability, Denial of Service Issue. . Severity: Important. LinuxSecurity.com Team
Mar 06, 2020
•Important
Mageia
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!