Bug 1081238 - (CVE-2018-7050) VUL-0: CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054, CVE-2018-7055: irssi: multiple vulnerabilities fixed in 1.1.1 and 1.0.7 (IRSSI-SA-2018-02)
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Component: Security
Leap 42.3
Other Other
: P3 - Medium : Normal
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/200155/
CVSSv3:RedHat:CVE-2018-7052:3.7:(AV:N...
Reported: 2018-02-15 19:26 UTC by Andreas Stieger
Modified: 2018-02-19 15:40 UTC
Found By: Community User
Description Andreas Stieger 2018-02-15 19:26:06 UTC
https://irssi.org/2018/02/15/irssi-1.1.1-1.0.7-released/
https://irssi.org/security/html/irssi_sa_2018_02/

IRSSI-SA-2018-02 Irssi Security Advisory

CVE-2018-7054, CVE-2018-7053, CVE-2018-7050, CVE-2018-7052, CVE-2018-7051
Description

Multiple vulnerabilities have been located in Irssi.

    Use after free when server is disconnected during netsplits. (CWE-416, CWE-825)

    CVE-2018-7054 was assigned to this issue.

    Use after free when SASL messages are received in unexpected order. (CWE-416, CWE-691)

    CVE-2018-7053 was assigned to this issue.

    Null pointer dereference when an “empty” nick has been observed by Irssi. (CWE-476, CWE-475)

    CVE-2018-7050 was assigned to this issue.

    When the number of windows exceeds the available space, Irssi would crash due to Null pointer dereference. (CWE-690)

    CVE-2018-7052 was assigned to this issue.

    Certain nick names could result in out of bounds access when printing theme strings. (CWE-126)

    CVE-2018-7051 was assigned to this issue.


Submitted in https://build.opensuse.org/request/show/577088
Comment 1 Andreas Stieger 2018-02-15 19:33:39 UTC
submitted, thanks. Also extra points for doing the correct versions each.
Comment 2 Andreas Stieger 2018-02-19 08:15:06 UTC
done
Comment 3 Swamp Workflow Management 2018-02-19 14:15:22 UTC
openSUSE-SU-2018:0475-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1081238
CVE References: CVE-2018-7050,CVE-2018-7051,CVE-2018-7052,CVE-2018-7053,CVE-2018-7054
Sources used:
openSUSE Leap 42.3 (src):    irssi-1.0.7-25.1
Comment 4 Swamp Workflow Management 2018-02-19 14:16:46 UTC
openSUSE-SU-2018:0477-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1081238
CVE References: CVE-2018-7050,CVE-2018-7051,CVE-2018-7052,CVE-2018-7053,CVE-2018-7054
Sources used:
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    irssi-1.1.1-43.1