Security update for irssi SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1505-1 Final 1 1 2017-06-08T11:11:34Z current 2017-06-08T11:11:34Z 2017-06-08T11:11:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for irssi This update to irssi 1.0.3 fixes the following vulnerabilities: - CVE-2017-9469: irssi: dcc crash with incorrect quoting (bsc#1043052) - CVE-2017-9468: irssi: dcc message crash without nick/host (bsc#1043051) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2017-668 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1043051 SUSE Bug 1043051 https://bugzilla.suse.com/1043052 SUSE Bug 1043052 https://www.suse.com/security/cve/CVE-2017-9468/ SUSE CVE CVE-2017-9468 page https://www.suse.com/security/cve/CVE-2017-9469/ SUSE CVE CVE-2017-9469 page SUSE Package Hub 12 irssi-1.0.3-25.1 irssi-devel-1.0.3-25.1 irssi-1.0.3-25.1 as a component of SUSE Package Hub 12 irssi-devel-1.0.3-25.1 as a component of SUSE Package Hub 12 In Irssi before 1.0.3, when receiving a DCC message without source nick/host, it attempts to dereference a NULL pointer. Thus, remote IRC servers can cause a crash. CVE-2017-9468 SUSE Package Hub 12:irssi-1.0.3-25.1 SUSE Package Hub 12:irssi-devel-1.0.3-25.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9468.html CVE-2017-9468 https://bugzilla.suse.com/1043051 SUSE Bug 1043051 https://bugzilla.suse.com/1064540 SUSE Bug 1064540 In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC files, it tries to find the terminating quote one byte before the allocated memory. Thus, remote attackers might be able to cause a crash. CVE-2017-9469 SUSE Package Hub 12:irssi-1.0.3-25.1 SUSE Package Hub 12:irssi-devel-1.0.3-25.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-9469.html CVE-2017-9469 https://bugzilla.suse.com/1043052 SUSE Bug 1043052