SUSE Package Hub

Update Info

5661

Security update for irssi

Type: security

Severity: moderate

Issued: 2016-10-07

Description:

The IRC client irssi was updated to 0.8.20, fixing various bugs and security issues.

* CVE-2016-7044: The unformat_24bit_color function in the format parsing
  code in Irssi, when compiled with true-color enabled, allowed remote
  attackers to cause a denial of service (heap corruption and crash)
  via an incomplete 24bit color code.
* CVE-2016-7045: The format_send_to_gui function in the format parsing
  code in Irssi allowed remote attackers to cause a denial of service
  (heap corruption and crash) via vectors involving the length of a string.

See https://irssi.org/security/irssi_sa_2016.txt for more details.

* CVE-2016-7553: A information disclosure vulnerability in irssi buf.pl

See https://irssi.org/2016/09/22/buf.pl-update/ for more information.

References

CVE: CVE-2016-7553
CVE: CVE-2016-7045
CVE: CVE-2016-7044
Bugzilla: 999199 VUL-0: CVE-2016-7044, CVE-2016-7045: irssi: heap corruption and missing boundary checks
Bugzilla: 1001215 VUL-1: CVE-2016-7553: irssi: Information disclosure in buf.pl

Packages

irssi-0.8.20-9.1