CVE-2017-10965 Ubuntu Security Notification for Irssi Vulnerabilities (USN-3465-1)

漏洞类别:Ubuntu

漏洞等级:

漏洞信息

It was discovered that Irssi incorrectly handled messages with invalid time stamps.

It was discovered that Irssi incorrectly handled the internal nick list.

It was discovered that Irssi incorrectly removed destroyed channels from the query list.

It was discovered that Irssi incorrectly handled themes.

It was discovered that Irssi incorrectly handled certain DCC CTCP messages.

It was discovered that Irssi incorrectly handled certain channel IDs.

It was discovered that Irssi incorrectly handled certain long nicks or targets.

漏洞危害

A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-10965)

A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-10966)

A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15227)

If a user were tricked into using a malicious theme, a attacker could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15228)

A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15721)

A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15722)

A malicious IRC server could use this issue to cause Irssi to crash, resulting in a denial of service. (CVE-2017-15723)

解决方案

Refer to Ubuntu advisory USN-3465-1 for affected packages and patching details, or update with your package manager.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

USN-3465-1: 16.04 (Xenial) on src (irssi)

USN-3465-1: 17.10 (artful) on src (irssi)

USN-3465-1: 17.04 (zesty) on src (irssi)

USN-3465-1: 14.04 (Kylin) on src (irssi)

Leave a Reply