Slackware Linux update for irssi

Published: 2019-01-13 12:59:16 | Updated: 2019-01-13
Severity: High
Patch available: YES
Number of vulnerabilities: 6
CVE ID: CVE-2018-7050, CVE-2018-7051, CVE-2018-7052, CVE-2018-7053, CVE-2018-7054, CVE-2019-5882
CVSSv3:
  6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
  8.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
  6.5 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
  8.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
  8.7 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
  4.6 [CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CWE ID: CWE-476, CWE-787, CWE-416
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: Slackware Linux
Vulnerable software versions: Slackware Linux 14.2, Slackware Linux 14.1, Slackware Linux 14.0
Vendor URL: Slackware

Security Advisory

1) NULL pointer dereference

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a NULL pointer dereference when an "empty" nick has been observed. A remote attacker who operates a broken ircd, or who has control over the ircd, can cause the service to crash.

Remediation

Update the affected package irssi.

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.478665

2) Out-of-bounds write

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to an out-of-bounds write error when printing theme strings. A remote attacker can execute arbitrary code on the system.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package irssi.

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.478665

3) NULL pointer dereference

Description

The vulnerability allows a remote attacker to cause a DoS condition on the target system.

The weakness exists due to a NULL pointer dereference when the number of windows exceeds the available space. A remote attacker can cause a denial of service.

Remediation

Update the affected package irssi.

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.478665

4) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free when SASL messages are received in unexpected order. A remote attacker can use a non-conforming ircd, trigger memory corruption and execute arbitrary code on the system.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package irssi.

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.478665

5) Use-after-free error

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to a use-after-free when a server is disconnected during netsplits. A remote attacker can trigger memory corruption and execute arbitrary code.

Successful exploitation of the vulnerability may result in system compromise.

Remediation

Update the affected package irssi.

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.478665

6) Use-after-free

Description

The vulnerability allows a remote attacker to conduct a DoS attack.

The vulnerability exists due to a use-after-free error when hidden lines are expired from the scroll buffer. A remote attacker can trigger memory corruption and cause the service to crash.

Remediation

Update the affected package irssi.

External links

http://www.slackware.com/security/viewer.php?l=slackware-security&y=2019&m=slackware-security.478665
