Message-ID: <20100416003956.GA9535@severus.strandboge.com>
Date: Thu, 15 Apr 2010 19:39:56 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-929-1] irssi vulnerabilities

===========================================================
Ubuntu Security Notice USN-929-1             April 16, 2010
irssi vulnerabilities
CVE-2010-1155, CVE-2010-1156
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  irssi                           0.8.12-3ubuntu3.2

Ubuntu 8.10:
  irssi                           0.8.12-4ubuntu2.2

Ubuntu 9.04:
  irssi                           0.8.12-6ubuntu1.2

Ubuntu 9.10:
  irssi                           0.8.14-1ubuntu1.1

After a standard system upgrade you need to restart irssi to effect the
necessary changes.

Details follow:

It was discovered that irssi did not perform certificate host validation
when using SSL connections. An attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter encrypted
communications. (CVE-2010-1155)
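
Added illustration, not irssi's code or the Ubuntu patch: what certificate host validation adds on top of chain validation, shown on a constructed model. `struct peer_cert`, `sample_cert` and all function names are hypothetical, and only DNS names are covered, with a conservative wildcard rule.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Constructed model: chain_ok is the chain-validation result, dns_names the
 * NULL-terminated dNSName list. sample_cert is a made-up certificate. */
struct peer_cert { int chain_ok; const char *dns_names[4]; };
const struct peer_cert sample_cert = { 1, { "irc.example.net", "*.chat.example.net", NULL } };

static int eq_nocase(const char *a, const char *b)
{
    while (*a && *b && tolower((unsigned char)*a) == tolower((unsigned char)*b))
        a++, b++;
    return *a == '\0' && *b == '\0';
}

/* A wildcard is honoured only as the whole leftmost label, covers exactly
 * one label, and must be followed by at least two labels. */
static int name_matches_host(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return strchr(pattern, '*') == NULL && eq_nocase(pattern, host);
    const char *suffix = pattern + 1;            /* ".chat.example.net" */
    const char *host_rest = strchr(host, '.');   /* host minus first label */
    if (strchr(suffix, '*') != NULL || strchr(suffix + 1, '.') == NULL)
        return 0;                                /* "*.*.net" or "*.net" */
    if (host_rest == NULL || host_rest == host)
        return 0;                                /* nothing for '*' to cover */
    return eq_nocase(suffix, host_rest);
}

/* Chain check only: any trusted certificate passes, whoever it names. */
int accept_chain_only(const struct peer_cert *c, const char *host)
{
    (void)host;
    return c->chain_ok;
}

/* Chain check plus host validation: the certificate must name the host. */
int accept_with_host_check(const struct peer_cert *c, const char *host)
{
    if (!c->chain_ok)
        return 0;
    for (size_t i = 0; c->dns_names[i] != NULL; i++)
        if (name_matches_host(c->dns_names[i], host))
            return 1;
    return 0;
}
```

With the sample certificate, a connection to `irc.example.org` passes the chain-only check but is refused once the host name is compared.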

Aurelien Delaitre discovered that irssi could be made to dereference a NULL
pointer when a user left the channel. A remote attacker could cause a
denial of service via application crash. (CVE-2010-1156)

This update also adds SSLv3 and TLSv1 support, while disabling the old,
insecure SSLv2 protocol.

