[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20100420173717.GA15652@severus.strandboge.com>
Date: Tue, 20 Apr 2010 12:37:17 -0500
From: Jamie Strandboge <jamie@...onical.com>
To: ubuntu-security-announce@...ts.ubuntu.com
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: [USN-929-2] irssi regression
===========================================================
Ubuntu Security Notice USN-929-2 April 20, 2010
irssi regression
https://launchpad.net/bugs/565182
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
irssi 0.8.12-3ubuntu3.3
Ubuntu 8.10:
irssi 0.8.12-4ubuntu2.3
Ubuntu 9.04:
irssi 0.8.12-6ubuntu1.3
Ubuntu 9.10:
irssi 0.8.14-1ubuntu1.2
After a standard system upgrade you need to restart irssi to effect the
necessary changes.
Details follow:
USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a
regression when using irssi with SSL and an IRC proxy. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that irssi did not perform certificate host validation
when using SSL connections. An attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter encrypted
communications. (CVE-2010-1155)
Aurelien Delaitre discovered that irssi could be made to dereference a NULL
pointer when a user left the channel. A remote attacker could cause a
denial of service via application crash. (CVE-2010-1156)
This update also adds SSLv3 and TLSv1 support, while disabling the old,
insecure SSLv2 protocol.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3.diff.gz
Size/MD5: 28579 0aae65e919d93a4afdaf6e3ef2f25811
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3.dsc
Size/MD5: 997 41e4f8fbd1ea2b5ac46b772a2d870791
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz
Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.3_amd64.deb
Size/MD5: 271514 2f39315d67cfaadb370f7247a7423462
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3_amd64.deb
Size/MD5: 1162050 82bbd9e8dda20ae6a206a1fd5e9d58e5
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.3_i386.deb
Size/MD5: 271508 c5d4e95bbfbccb307bad2e276e71346d
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3_i386.deb
Size/MD5: 1078826 16960c92a1a4f03b841e672253c6eb66
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.3_lpia.deb
Size/MD5: 271514 235171086dc59e7d7d4d7fe80bef59e4
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3_lpia.deb
Size/MD5: 1073104 84c8f6dc52d06120bfc8dbad9048d938
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.3_powerpc.deb
Size/MD5: 271530 c1fde52be473a5a3dd37043c49b46835
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3_powerpc.deb
Size/MD5: 1167998 8db4b3fbda07921925c0b1af6b2bbd7b
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.3_sparc.deb
Size/MD5: 271524 3b9c94ba4051305441aced440c2f414b
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.3_sparc.deb
Size/MD5: 1103492 b14af4079863e6264dd422e9cfee85b6
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3.diff.gz
Size/MD5: 23388 d6438c5ab92e4e5bc906015d7d2df88c
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3.dsc
Size/MD5: 1391 61a02c1b1ddcca3136ced650945396a8
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz
Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.3_amd64.deb
Size/MD5: 272502 cb3b40575a281da047225cbc24f5f1d9
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3_amd64.deb
Size/MD5: 1167386 1b4d93f3cf0e70284d43ca603c2608ec
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.3_i386.deb
Size/MD5: 272512 be7340e970b815e90a53fc70053eaa7b
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3_i386.deb
Size/MD5: 1084856 9be719c2e1970f81e9af98b1caf8e901
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.3_lpia.deb
Size/MD5: 272496 c30a61b04cb089d549094b88382ae7e4
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3_lpia.deb
Size/MD5: 1075632 52aa77f32b2fff3fc54cc20c5274ddb3
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.3_powerpc.deb
Size/MD5: 272512 1f27a34b6eb0a4ad0f9a6aa46f3a4913
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3_powerpc.deb
Size/MD5: 1165604 d1e7737a6f2082f4816d2de6d7406f53
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.3_sparc.deb
Size/MD5: 272518 68a4883fd2f754276c3158f35aed2e6a
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.3_sparc.deb
Size/MD5: 1098202 89c968768d8cf1edbc6eaa2e5cfb7dbb
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3.diff.gz
Size/MD5: 25260 5eae245c14716a4c1c4d1d42867004cd
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3.dsc
Size/MD5: 1391 21778ad10c27b938c6ed2cfcfdaf1782
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz
Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.3_amd64.deb
Size/MD5: 272914 6d22140ce3c39e3e21107a9ff4334710
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3_amd64.deb
Size/MD5: 1168344 8e579d8d1c0f50fb0f5d9c0e2d9015b3
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.3_i386.deb
Size/MD5: 272914 0775c3b7716c29538b3b8716dd6b1951
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3_i386.deb
Size/MD5: 1086130 fa7400e267918f3ed556bc34dc54e2a2
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.3_lpia.deb
Size/MD5: 272914 4c3a58c936ffc744e5862875fa75e712
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3_lpia.deb
Size/MD5: 1076756 afee6c25ec29b4e6fb14a48318bf74e1
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.3_powerpc.deb
Size/MD5: 272934 d041aec1f43c5d0841f5810723d7df1b
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3_powerpc.deb
Size/MD5: 1166646 0018cca0d831d5e69fa41105c896da07
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.3_sparc.deb
Size/MD5: 272928 cbdf2e1f763b916a51cf3091eb6c52cf
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.3_sparc.deb
Size/MD5: 1098676 9bf353740f4ada1bc9dc7e31d5e0216f
Updated packages for Ubuntu 9.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2.diff.gz
Size/MD5: 21960 d215484620343d46296d54e775fb872a
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2.dsc
Size/MD5: 1391 e04e39359500551b8d19ceaf121b2a5d
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14.orig.tar.gz
Size/MD5: 1356130 7d9437f53209a61af4fe4c9c5528ffa7
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.2_amd64.deb
Size/MD5: 293044 c8d8bb7d5c66441b84d92ac8aa673b5b
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2_amd64.deb
Size/MD5: 1171276 96929c614e10c32416e0d3322ec47fab
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.2_i386.deb
Size/MD5: 293072 1d8be08ceb8b756a31930189542e2e24
http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2_i386.deb
Size/MD5: 1090056 9eda24d6a1f788aa2f41ce7add4bd1cd
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.2_lpia.deb
Size/MD5: 293050 025897993b94336263a396b857c51915
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2_lpia.deb
Size/MD5: 1088018 a14696301cb8323cafbcf780ba1da5be
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.2_powerpc.deb
Size/MD5: 293080 0e657891095c4c63b86df8aeb2b26dbc
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2_powerpc.deb
Size/MD5: 1154298 6378326ae7174d8a4580d8901261aca1
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.14-1ubuntu1.2_sparc.deb
Size/MD5: 293080 f615ce757f47adae1d1d2fd02f9c9ffe
http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.14-1ubuntu1.2_sparc.deb
Size/MD5: 1098308 8f6e2e7c0fd5ec0d5966fbf23d25686e
Download attachment "signature.asc" of type "application/pgp-signature" (199 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists