lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20090713192602.GB8018@severus.strandboge.com>
Date: Mon, 13 Jul 2009 14:26:02 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-800-1] irssi vulnerability

===========================================================
Ubuntu Security Notice USN-800-1              July 13, 2009
irssi vulnerability
CVE-2009-1959
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  irssi                           0.8.10-1ubuntu1.1

Ubuntu 8.04 LTS:
  irssi                           0.8.12-3ubuntu3.1

Ubuntu 8.10:
  irssi                           0.8.12-4ubuntu2.1

Ubuntu 9.04:
  irssi                           0.8.12-6ubuntu1.1

After a standard system upgrade you need to restart irssi to effect the
necessary changes.

Details follow:

It was discovered that irssi did not properly check the length of strings
when processing WALLOPS messages. If a user connected to an IRC network
where an attacker had IRC operator privileges, a remote attacker could
cause a denial of service.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1.diff.gz
      Size/MD5:   153485 c76b50ee0214ffeade913d27388ccb39
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1.dsc
      Size/MD5:      731 7c627e770089ad47e51cdccaebdfd3ce
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10.orig.tar.gz
      Size/MD5:  1322825 ed29412e86e1d5fbb71d24ae02edd462

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.10-1ubuntu1.1_amd64.deb
      Size/MD5:   253350 b7988fa042ae96a6a3527f9b3c9053b7
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-text_0.8.10-1ubuntu1.1_amd64.deb
      Size/MD5:   205360 233dc6d41a8a0a204d1e8555e992447a
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1_amd64.deb
      Size/MD5:  1120732 43a93b55e0969cb85a7eb25381e5e0ab

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.10-1ubuntu1.1_i386.deb
      Size/MD5:   253356 8bfca7ccf237bedc1543a7cc172ff373
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-text_0.8.10-1ubuntu1.1_i386.deb
      Size/MD5:   205364 639b2df9bf00261a7ed0eff854c45d45
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1_i386.deb
      Size/MD5:  1013086 dbec700906ebd5cef1b3b5f1860af161

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.10-1ubuntu1.1_powerpc.deb
      Size/MD5:   253372 5361bc09986c96efafce34a0c8eb1388
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-text_0.8.10-1ubuntu1.1_powerpc.deb
      Size/MD5:   205364 b48e92135c6ddd6fb6e22feb9c9c72e1
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1_powerpc.deb
      Size/MD5:  1102212 dc4eb9eb69ea479cb8fbdcec5fe653df

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.10-1ubuntu1.1_sparc.deb
      Size/MD5:   253370 6f8fd56bc8b7803cc91adc6a84ace106
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-text_0.8.10-1ubuntu1.1_sparc.deb
      Size/MD5:   205360 30870fc30a164eed42aac19bf2b7a3d1
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1_sparc.deb
      Size/MD5:  1055578 7e1309cf46f06c455d396191b6b91ee7

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1.diff.gz
      Size/MD5:    24071 b83bb3674fa5d16307d7ecf9d0b0dc6c
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1.dsc
      Size/MD5:      996 c11231841b15900ded6608d12bb2fbe4
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz
      Size/MD5:  1335967 ddf717a430e1c13a272f528c4f529430

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_amd64.deb
      Size/MD5:   271182 ac47cd0d048efa348e671c2849c60d86
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_amd64.deb
      Size/MD5:  1159272 aa2826354fe258af8bda4fd051541b61

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_i386.deb
      Size/MD5:   271184 6ea6b8816efdabffb8217d80d68d72cb
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_i386.deb
      Size/MD5:  1076156 0c5c50ee8c9b7e89b7bacd32fc56a5e4

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_lpia.deb
      Size/MD5:   271178 b2d419141aac13937b8e8c27bf0f0fd7
    http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_lpia.deb
      Size/MD5:  1070272 25bb78d0757722146f1e00cf4aa3a1f7

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_powerpc.deb
      Size/MD5:   271200 2aeb20fb432f4d3aa5d8b5e37fb770dc
    http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_powerpc.deb
      Size/MD5:  1164908 5a5502d281326f1fbbf1770fd0ff2450

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_sparc.deb
      Size/MD5:   271194 f2b95ea9a40aeaa5b0d891fe8669281d
    http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_sparc.deb
      Size/MD5:  1099954 24ba8949b7d1887d8e14e6a122b0308b

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1.diff.gz
      Size/MD5:    18831 a26887cf62709a33d50b7452b94b0d66
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1.dsc
      Size/MD5:     1390 380dd166817d6636da8068b7d117957f
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz
      Size/MD5:  1335967 ddf717a430e1c13a272f528c4f529430

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_amd64.deb
      Size/MD5:   272202 f1ad1b74c3d10788fdf1f213c99b67fc
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_amd64.deb
      Size/MD5:  1164742 7433268f4731e2a7b88acec697df5e27

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_i386.deb
      Size/MD5:   272214 7187b234b7eab2cd81038d3015b194c0
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_i386.deb
      Size/MD5:  1081934 e10b000070c7aa5c8b201ce349259b15

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_lpia.deb
      Size/MD5:   272182 4867d2069ee6df1cec187acee6320cbc
    http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_lpia.deb
      Size/MD5:  1072888 508142c2792655d77e92d0e7e48db726

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_powerpc.deb
      Size/MD5:   272214 2999207cc554976f7c2e01f4fc6efd2b
    http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_powerpc.deb
      Size/MD5:  1162928 37aca332581976e13afc95f809680839

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_sparc.deb
      Size/MD5:   272220 02ef75b4c5eba33d9e7f9cbbe19303f4
    http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_sparc.deb
      Size/MD5:  1095538 757143852d8c4c7849a253434629229f

Updated packages for Ubuntu 9.04:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1.diff.gz
      Size/MD5:    20812 eb6aa3d63c1de2418610c745a8c6b6ac
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1.dsc
      Size/MD5:     1390 584470415039a47f1f57d303cff414fa
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz
      Size/MD5:  1335967 ddf717a430e1c13a272f528c4f529430

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_amd64.deb
      Size/MD5:   272604 336644ea219e446ce2c700e456d84949
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_amd64.deb
      Size/MD5:  1165418 5814ebb9e1abd39e89ddd9cd288ede11

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_i386.deb
      Size/MD5:   272594 80232d032a5edd99ae19aaf68a188c4d
    http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_i386.deb
      Size/MD5:  1082748 dec0bdac2d1e3a0f62b707403bf2a311

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_lpia.deb
      Size/MD5:   272588 b0f1fffb8f42dab0ed8a5c4912e7e1f3
    http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_lpia.deb
      Size/MD5:  1073846 e9ea02aebbe847efd09a44467102f2ee

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_powerpc.deb
      Size/MD5:   272624 ccbc3a7bf2ffe5f4add29fa255435b92
    http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_powerpc.deb
      Size/MD5:  1163624 0dc63456374de3e55d09f040c685dace

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_sparc.deb
      Size/MD5:   272610 77de61952372522c3d131e11fa4570f2
    http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_sparc.deb
      Size/MD5:  1095928 4b2b8206560970d01b40a197e88d73cb



Download attachment "signature.asc" of type "application/pgp-signature" (198 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ