Bug 1047709 - (CVE-2017-10965) VUL-0: CVE-2017-10965: irssi: 1.0.4 version update
(CVE-2017-10965)
VUL-0: CVE-2017-10965: irssi: 1.0.4 version update
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-07-07 12:51 UTC by Marcus Meissner
Modified: 2017-07-08 06:37 UTC (History)
2 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-07-07 12:51:20 UTC
IRSSI-SA-2017-07 Irssi Security Advisory [1]
============================================
CVE-2017-10965, CVE-2017-10966.

Description
-----------

Two vulnerabilities have been located in Irssi.

(a) When receiving messages with invalid time stamps, Irssi would try
    to dereference a NULL pointer. Found by Brian 'geeknik' Carpenter
    of Geeknik Labs. (CWE-690)

    CVE-2017-10965 [2] was assigned to this bug

(b) While updating the internal nick list, Irssi may incorrectly use
    the GHashTable interface and free the nick while updating it. This
    will then result in use-after-free conditions on each access of
    the hash table. Found by Brian 'geeknik' Carpenter of Geeknik
    Labs. (CWE-416 caused by CWE-227)

    CVE-2017-10966 [3] was assigned to this bug


Impact
------

(a) May result in denial of service (remote crash).

(b) Undefined behaviour.


Affected versions
-----------------

All Irssi versions that we observed.


Fixed in
--------

Irssi 1.0.4


Recommended action
------------------

Upgrade to Irssi 1.0.4. Irssi 1.0.4 is a maintenance release in the
1.0 series, without any new features.

After installing the updated packages, one can issue the /upgrade
command to load the new binary. TLS connections will require
/reconnect.


Mitigating facts
----------------

(a) requires control over the ircd

(b) should not happen with a conforming ircd


Patch
-----

https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206
384d291


References
----------

[1] https://irssi.org/security/irssi_sa_2017_07.txt
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10965
[3] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10966
Comment 1 Ailin Nemui 2017-07-07 13:58:03 UTC
I opened https://build.opensuse.org/request/show/508810
Comment 2 Andreas Stieger 2017-07-07 14:16:26 UTC
thanks
Comment 3 Bernhard Wiedemann 2017-07-07 16:01:57 UTC
This is an autogenerated message for OBS integration:
This bug (1047709) was mentioned in
https://build.opensuse.org/request/show/508828 42.3 / irssi
Comment 4 Andreas Stieger 2017-07-07 23:03:38 UTC
fixed
Comment 5 Swamp Workflow Management 2017-07-08 04:10:18 UTC
openSUSE-SU-2017:1823-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047709
CVE References: CVE-2017-10965,CVE-2017-10966
Sources used:
openSUSE Leap 42.2 (src):    irssi-1.0.4-14.10.1
Comment 6 Swamp Workflow Management 2017-07-08 04:10:33 UTC
openSUSE-SU-2017:1824-1: An update that fixes two vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047709
CVE References: CVE-2017-10965,CVE-2017-10966
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    irssi-1.0.4-28.1