Security update for irssi SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2018:0477-1 Final 1 1 2018-02-19T08:15:17Z current 2018-02-19T08:15:17Z 2018-02-19T08:15:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for irssi This update for irssi fixes the following security issues: - CVE-2018-7054: Use after free when server is disconnected during netsplits - CVE-2018-7053: Use after free when SASL messages are received in unexpected order - CVE-2018-7050: Null pointer dereference when an 'empty' nick has been observed - CVE-2018-7052: When the number of windows exceed the available space, Irssi would crash due to Null pointer dereference - CVE-2018-7051: Certain nick names could result in out of bounds access when printing theme strings The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2018-171 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1081238 SUSE Bug 1081238 https://www.suse.com/security/cve/CVE-2018-7050/ SUSE CVE CVE-2018-7050 page https://www.suse.com/security/cve/CVE-2018-7051/ SUSE CVE CVE-2018-7051 page https://www.suse.com/security/cve/CVE-2018-7052/ SUSE CVE CVE-2018-7052 page https://www.suse.com/security/cve/CVE-2018-7053/ SUSE CVE CVE-2018-7053 page https://www.suse.com/security/cve/CVE-2018-7054/ SUSE CVE CVE-2018-7054 page SUSE Package Hub 12 irssi-1.1.1-43.1 irssi-devel-1.1.1-43.1 irssi-1.1.1-43.1 as a component of SUSE Package Hub 12 irssi-devel-1.1.1-43.1 as a component of SUSE Package Hub 12 An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A NULL pointer dereference occurs for an "empty" nick. CVE-2018-7050 SUSE Package Hub 12:irssi-1.1.1-43.1 SUSE Package Hub 12:irssi-devel-1.1.1-43.1 critical 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7050.html CVE-2018-7050 https://bugzilla.suse.com/1081238 SUSE Bug 1081238 An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. Certain nick names could result in out-of-bounds access when printing theme strings. CVE-2018-7051 SUSE Package Hub 12:irssi-1.1.1-43.1 SUSE Package Hub 12:irssi-devel-1.1.1-43.1 critical 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7051.html CVE-2018-7051 https://bugzilla.suse.com/1081238 SUSE Bug 1081238 An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. When the number of windows exceeds the available space, a crash due to a NULL pointer dereference would occur. CVE-2018-7052 SUSE Package Hub 12:irssi-1.1.1-43.1 SUSE Package Hub 12:irssi-devel-1.1.1-43.1 critical 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7052.html CVE-2018-7052 https://bugzilla.suse.com/1081238 SUSE Bug 1081238 An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when SASL messages are received in an unexpected order. CVE-2018-7053 SUSE Package Hub 12:irssi-1.1.1-43.1 SUSE Package Hub 12:irssi-devel-1.1.1-43.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7053.html CVE-2018-7053 https://bugzilla.suse.com/1081238 SUSE Bug 1081238 An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. There is a use-after-free when a server is disconnected during netsplits. NOTE: this issue exists because of an incomplete fix for CVE-2017-7191. CVE-2018-7054 SUSE Package Hub 12:irssi-1.1.1-43.1 SUSE Package Hub 12:irssi-devel-1.1.1-43.1 critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2018-7054.html CVE-2018-7054 https://bugzilla.suse.com/1081238 SUSE Bug 1081238