Security Information / 2017 / Security Information -- DSA-3885-1 irssi

Debian Security Advisory

DSA-3885-1 irssi -- security update

Date Reported:

18 Jun 2017

Affected Packages:

irssi

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 864400.
In Mitre's CVE dictionary: CVE-2017-9468, CVE-2017-9469.

More information:

Multiple vulnerabilities have been discovered in Irssi, a terminal based IRC client. The Common Vulnerabilities and Exposures project identifies the following problems:

• CVE-2017-9468

  Joseph Bisch discovered that Irssi does not properly handle DCC messages without source nick/host. A malicious IRC server can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.

• CVE-2017-9469

  Joseph Bisch discovered that Irssi does not properly handle receiving incorrectly quoted DCC files. A remote attacker can take advantage of this flaw to cause Irssi to crash, resulting in a denial of service.

For the oldstable distribution (jessie), these problems have been fixed in version 0.8.17-1+deb8u4.

For the stable distribution (stretch), these problems have been fixed in version 1.0.2-1+deb9u1.

For the unstable distribution (sid), these problems have been fixed in version 1.0.3-1.

We recommend that you upgrade your irssi packages.