Security update for irssi SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:0093-1 Final 1 1 2017-01-09T16:14:54Z current 2017-01-09T16:14:54Z 2017-01-09T16:14:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for irssi irssi was updated to fix four vulnerabilities that could result in denial of service (remote crash) when connecting to malicious servers or receiving specially crafted data. (boo#1018357) - CVE-2017-5193: NULL pointer dereference in the nickcmp function - CVE-2017-5194: out of bounds read in certain incomplete control codes - CVE-2017-5195: out of bounds read in certain incomplete character sequences - CVE-2017-5196: Correct an error when receiving invalid nick message The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2017-67 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1018357 SUSE Bug 1018357 https://www.suse.com/security/cve/CVE-2017-5193/ SUSE CVE CVE-2017-5193 page https://www.suse.com/security/cve/CVE-2017-5194/ SUSE CVE CVE-2017-5194 page https://www.suse.com/security/cve/CVE-2017-5195/ SUSE CVE CVE-2017-5195 page https://www.suse.com/security/cve/CVE-2017-5196/ SUSE CVE CVE-2017-5196 page SUSE Package Hub 12 irssi-0.8.21-12.1 irssi-devel-0.8.21-12.1 irssi-0.8.21-12.1 as a component of SUSE Package Hub 12 irssi-devel-0.8.21-12.1 as a component of SUSE Package Hub 12 The nickcmp function in Irssi before 0.8.21 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a message without a nick. CVE-2017-5193 SUSE Package Hub 12:irssi-0.8.21-12.1 SUSE Package Hub 12:irssi-devel-0.8.21-12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5193.html CVE-2017-5193 https://bugzilla.suse.com/1018357 SUSE Bug 1018357 Use-after-free vulnerability in Irssi before 0.8.21 allows remote attackers to cause a denial of service (crash) via an invalid nick message. CVE-2017-5194 SUSE Package Hub 12:irssi-0.8.21-12.1 SUSE Package Hub 12:irssi-devel-0.8.21-12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5194.html CVE-2017-5194 https://bugzilla.suse.com/1018357 SUSE Bug 1018357 Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via a crafted ANSI x8 color code. CVE-2017-5195 SUSE Package Hub 12:irssi-0.8.21-12.1 SUSE Package Hub 12:irssi-devel-0.8.21-12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5195.html CVE-2017-5195 https://bugzilla.suse.com/1018357 SUSE Bug 1018357 Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial of service (out-of-bounds read and crash) via vectors involving strings that are not UTF8. CVE-2017-5196 SUSE Package Hub 12:irssi-0.8.21-12.1 SUSE Package Hub 12:irssi-devel-0.8.21-12.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5196.html CVE-2017-5196 https://bugzilla.suse.com/1018357 SUSE Bug 1018357