SUSE Package Hub - openSUSE-2018-171

Update Info

openSUSE-2018-171

Security update for irssi

Type: security

Severity: moderate

Issued: 2018-02-19

Description:

This update for irssi fixes the following security issues:

- CVE-2018-7054: Use after free when server is disconnected during netsplits
- CVE-2018-7053: Use after free when SASL messages are received in unexpected order
- CVE-2018-7050: Null pointer dereference when an "empty" nick has been observed
- CVE-2018-7052: When the number of windows exceed the available space, Irssi would crash due to Null pointer dereference
- CVE-2018-7051: Certain nick names could result in out of bounds access when printing theme strings

References

CVE: CVE-2018-7054
CVE: CVE-2018-7053
CVE: CVE-2018-7052
CVE: CVE-2018-7051
CVE: CVE-2018-7050
Bugzilla: 1081238 VUL-0: CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054, CVE-2018-7055: irssi: multiple vulnerabilities fixed in 1.1.1 and 1.0.7 (IRSSI-SA-2018-02)

Packages

irssi-1.1.1-43.1