Message-ID: <20100420173717.GA15652@severus.strandboge.com>
Date: Tue, 20 Apr 2010 12:37:17 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Subject: [USN-929-2] irssi regression

===========================================================
Ubuntu Security Notice USN-929-2             April 20, 2010
irssi regression
https://launchpad.net/bugs/565182
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  irssi                           0.8.12-3ubuntu3.3

Ubuntu 8.10:
  irssi                           0.8.12-4ubuntu2.3

Ubuntu 9.04:
  irssi                           0.8.12-6ubuntu1.3

Ubuntu 9.10:
  irssi                           0.8.14-1ubuntu1.2

After a standard system upgrade you need to restart irssi to effect the
necessary changes.

Details follow:

USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a
regression when using irssi with SSL and an IRC proxy. This update fixes
the problem.

We apologize for the inconvenience.

Original advisory details:

 It was discovered that irssi did not perform certificate host validation
 when using SSL connections. An attacker could exploit this to perform a man
 in the middle attack to view sensitive information or alter encrypted
 communications. (CVE-2010-1155)
 
 Aurelien Delaitre discovered that irssi could be made to dereference a NULL
 pointer when a user left the channel. A remote attacker could cause a
 denial of service via application crash. (CVE-2010-1156)
 
 This update also adds SSLv3 and TLSv1 support, while disabling the old,
 insecure SSLv2 protocol.





Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
