SUSE Package Hub - openSUSE-2017-67

Update Info

openSUSE-2017-67

Security update for irssi

Type: security

Severity: moderate

Issued: 2017-01-09

Description:

irssi was updated to fix four vulnerabilities that could result in denial 
of service (remote crash) when connecting to malicious servers or receiving
specially crafted data. (boo#1018357)

- CVE-2017-5193: NULL pointer dereference in the nickcmp function
- CVE-2017-5194: out of bounds read in certain incomplete control codes
- CVE-2017-5195: out of bounds read in certain incomplete character sequences 
- CVE-2017-5196: Correct an error when receiving invalid nick message

References

CVE: CVE-2017-5196
CVE: CVE-2017-5195
CVE: CVE-2017-5194
CVE: CVE-2017-5193
Bugzilla: 1018357 VUL-1: CVE-2017-5193, CVE-2017-5194, CVE-2017-5195, CVE-2017-5196: irssi: Multiple Vulnerabilities (2017/01) [CWE-690, CWE-146, CWE-126]

Packages

irssi-0.8.21-12.1