[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090713192602.GB8018@severus.strandboge.com>
Date: Mon, 13 Jul 2009 14:26:02 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-800-1] irssi vulnerability
===========================================================
Ubuntu Security Notice USN-800-1 July 13, 2009
irssi vulnerability
CVE-2009-1959
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
irssi 0.8.10-1ubuntu1.1
Ubuntu 8.04 LTS:
irssi 0.8.12-3ubuntu3.1
Ubuntu 8.10:
irssi 0.8.12-4ubuntu2.1
Ubuntu 9.04:
irssi 0.8.12-6ubuntu1.1
After a standard system upgrade you need to restart irssi to effect the
necessary changes.
Details follow:
It was discovered that irssi did not properly check the length of strings
when processing WALLOPS messages. If a user connected to an IRC network
where an attacker had IRC operator privileges, a remote attacker could
cause a denial of service.
Updated packages for Ubuntu 6.06 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1.diff.gz
Size/MD5: 153485 c76b50ee0214ffeade913d27388ccb39
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1.dsc
Size/MD5: 731 7c627e770089ad47e51cdccaebdfd3ce
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10.orig.tar.gz
Size/MD5: 1322825 ed29412e86e1d5fbb71d24ae02edd462
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.10-1ubuntu1.1_amd64.deb
Size/MD5: 253350 b7988fa042ae96a6a3527f9b3c9053b7
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-text_0.8.10-1ubuntu1.1_amd64.deb
Size/MD5: 205360 233dc6d41a8a0a204d1e8555e992447a
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1_amd64.deb
Size/MD5: 1120732 43a93b55e0969cb85a7eb25381e5e0ab
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.10-1ubuntu1.1_i386.deb
Size/MD5: 253356 8bfca7ccf237bedc1543a7cc172ff373
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-text_0.8.10-1ubuntu1.1_i386.deb
Size/MD5: 205364 639b2df9bf00261a7ed0eff854c45d45
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1_i386.deb
Size/MD5: 1013086 dbec700906ebd5cef1b3b5f1860af161
powerpc architecture (Apple Macintosh G3/G4/G5):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.10-1ubuntu1.1_powerpc.deb
Size/MD5: 253372 5361bc09986c96efafce34a0c8eb1388
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-text_0.8.10-1ubuntu1.1_powerpc.deb
Size/MD5: 205364 b48e92135c6ddd6fb6e22feb9c9c72e1
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1_powerpc.deb
Size/MD5: 1102212 dc4eb9eb69ea479cb8fbdcec5fe653df
sparc architecture (Sun SPARC/UltraSPARC):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.10-1ubuntu1.1_sparc.deb
Size/MD5: 253370 6f8fd56bc8b7803cc91adc6a84ace106
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-text_0.8.10-1ubuntu1.1_sparc.deb
Size/MD5: 205360 30870fc30a164eed42aac19bf2b7a3d1
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1_sparc.deb
Size/MD5: 1055578 7e1309cf46f06c455d396191b6b91ee7
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1.diff.gz
Size/MD5: 24071 b83bb3674fa5d16307d7ecf9d0b0dc6c
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1.dsc
Size/MD5: 996 c11231841b15900ded6608d12bb2fbe4
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz
Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_amd64.deb
Size/MD5: 271182 ac47cd0d048efa348e671c2849c60d86
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_amd64.deb
Size/MD5: 1159272 aa2826354fe258af8bda4fd051541b61
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_i386.deb
Size/MD5: 271184 6ea6b8816efdabffb8217d80d68d72cb
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_i386.deb
Size/MD5: 1076156 0c5c50ee8c9b7e89b7bacd32fc56a5e4
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_lpia.deb
Size/MD5: 271178 b2d419141aac13937b8e8c27bf0f0fd7
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_lpia.deb
Size/MD5: 1070272 25bb78d0757722146f1e00cf4aa3a1f7
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_powerpc.deb
Size/MD5: 271200 2aeb20fb432f4d3aa5d8b5e37fb770dc
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_powerpc.deb
Size/MD5: 1164908 5a5502d281326f1fbbf1770fd0ff2450
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_sparc.deb
Size/MD5: 271194 f2b95ea9a40aeaa5b0d891fe8669281d
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_sparc.deb
Size/MD5: 1099954 24ba8949b7d1887d8e14e6a122b0308b
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1.diff.gz
Size/MD5: 18831 a26887cf62709a33d50b7452b94b0d66
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1.dsc
Size/MD5: 1390 380dd166817d6636da8068b7d117957f
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz
Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_amd64.deb
Size/MD5: 272202 f1ad1b74c3d10788fdf1f213c99b67fc
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_amd64.deb
Size/MD5: 1164742 7433268f4731e2a7b88acec697df5e27
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_i386.deb
Size/MD5: 272214 7187b234b7eab2cd81038d3015b194c0
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_i386.deb
Size/MD5: 1081934 e10b000070c7aa5c8b201ce349259b15
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_lpia.deb
Size/MD5: 272182 4867d2069ee6df1cec187acee6320cbc
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_lpia.deb
Size/MD5: 1072888 508142c2792655d77e92d0e7e48db726
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_powerpc.deb
Size/MD5: 272214 2999207cc554976f7c2e01f4fc6efd2b
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_powerpc.deb
Size/MD5: 1162928 37aca332581976e13afc95f809680839
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_sparc.deb
Size/MD5: 272220 02ef75b4c5eba33d9e7f9cbbe19303f4
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_sparc.deb
Size/MD5: 1095538 757143852d8c4c7849a253434629229f
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1.diff.gz
Size/MD5: 20812 eb6aa3d63c1de2418610c745a8c6b6ac
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1.dsc
Size/MD5: 1390 584470415039a47f1f57d303cff414fa
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz
Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_amd64.deb
Size/MD5: 272604 336644ea219e446ce2c700e456d84949
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_amd64.deb
Size/MD5: 1165418 5814ebb9e1abd39e89ddd9cd288ede11
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_i386.deb
Size/MD5: 272594 80232d032a5edd99ae19aaf68a188c4d
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_i386.deb
Size/MD5: 1082748 dec0bdac2d1e3a0f62b707403bf2a311
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_lpia.deb
Size/MD5: 272588 b0f1fffb8f42dab0ed8a5c4912e7e1f3
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_lpia.deb
Size/MD5: 1073846 e9ea02aebbe847efd09a44467102f2ee
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_powerpc.deb
Size/MD5: 272624 ccbc3a7bf2ffe5f4add29fa255435b92
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_powerpc.deb
Size/MD5: 1163624 0dc63456374de3e55d09f040c685dace
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_sparc.deb
Size/MD5: 272610 77de61952372522c3d131e11fa4570f2
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_sparc.deb
Size/MD5: 1095928 4b2b8206560970d01b40a197e88d73cb
Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists