To: [email protected]Subject: [ MDVSA-2009:133 ] irssi
Date: Tue, 16 Jun 2009 16:05:02 +0200
From: [email protected]
Reply-To: <xsecurity@mandriva.com.>
Message-Id: <E1MGZHa-00043Y-7a@titan.mandriva.com.>
X-Virus-Scanned: antivirus-gw at tyumen.ru
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2009:133
http://www.mandriva.com/security/
_______________________________________________________________________
Package : irssi
Date : June 16, 2009
Affected: 2008.1, 2009.0, 2009.1, Corporate 3.0
_______________________________________________________________________
Problem Description:
A vulnerability has been found and corrected in irssi:
Off-by-one error in the event_wallops function in
fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers
to cause a denial of service (crash) via an empty command, which
triggers a one-byte buffer under-read and a one-byte buffer underflow
(CVE-2009-1959).
This update provides fixes for this vulnerability.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1959
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.1:
7666ac4b0ee6be35f6c61c88937b4929 2008.1/i586/irssi-0.8.12-3.1mdv2008.1.i586.rpm
3c9d4ce7992efeeb4902d01cf0904be7 2008.1/i586/irssi-devel-0.8.12-3.1mdv2008.1.i586.rpm
8559da090d172911312f0b3536b414c4 2008.1/i586/irssi-perl-0.8.12-3.1mdv2008.1.i586.rpm
f9b68d781fe6476bc8050c2f00726c41 2008.1/SRPMS/irssi-0.8.12-3.1mdv2008.1.src.rpm
Mandriva Linux 2008.1/X86_64:
1b8e64c328e18f452b9b59d489f33941 2008.1/x86_64/irssi-0.8.12-3.1mdv2008.1.x86_64.rpm
1a1da766b58e5318a22e7084e3b196ac 2008.1/x86_64/irssi-devel-0.8.12-3.1mdv2008.1.x86_64.rpm
51adab508e1d513bdb9d7d40b5069a7a 2008.1/x86_64/irssi-perl-0.8.12-3.1mdv2008.1.x86_64.rpm
f9b68d781fe6476bc8050c2f00726c41 2008.1/SRPMS/irssi-0.8.12-3.1mdv2008.1.src.rpm
Mandriva Linux 2009.0:
1684a3989ed164409776c89546044780 2009.0/i586/irssi-0.8.12-3.1mdv2009.0.i586.rpm
7671fbe25259b3305889975d52b834c4 2009.0/i586/irssi-devel-0.8.12-3.1mdv2009.0.i586.rpm
13b3f2f3a0aa054db77ad53a447e5fe6 2009.0/i586/irssi-perl-0.8.12-3.1mdv2009.0.i586.rpm
64ec4fbff1686d3fbcab88520f669fa5 2009.0/SRPMS/irssi-0.8.12-3.1mdv2009.0.src.rpm
Mandriva Linux 2009.0/X86_64:
77c019b09105e045e98f70748d20f56b 2009.0/x86_64/irssi-0.8.12-3.1mdv2009.0.x86_64.rpm
efd08c666aa1ad1014c40244e69dbf79 2009.0/x86_64/irssi-devel-0.8.12-3.1mdv2009.0.x86_64.rpm
051858b7540f7fa8e3c6c0141cb2d200 2009.0/x86_64/irssi-perl-0.8.12-3.1mdv2009.0.x86_64.rpm
64ec4fbff1686d3fbcab88520f669fa5 2009.0/SRPMS/irssi-0.8.12-3.1mdv2009.0.src.rpm
Mandriva Linux 2009.1:
0dbd4c60bcb4baad613c066edc8a9928 2009.1/i586/irssi-0.8.12-4.1mdv2009.1.i586.rpm
90646d0b03a43228cb301d017cc1e516 2009.1/i586/irssi-devel-0.8.12-4.1mdv2009.1.i586.rpm
492d3bb18444d889c26a15fed4bcde71 2009.1/i586/irssi-perl-0.8.12-4.1mdv2009.1.i586.rpm
fb8e4a81570e8af0b02db392c324849e 2009.1/SRPMS/irssi-0.8.12-4.1mdv2009.1.src.rpm
Mandriva Linux 2009.1/X86_64:
763e7d2df4275f13bc04c89ebb28e744 2009.1/x86_64/irssi-0.8.12-4.1mdv2009.1.x86_64.rpm
389a2932a04ee531245b2d5398b3959c 2009.1/x86_64/irssi-devel-0.8.12-4.1mdv2009.1.x86_64.rpm
7c278e8ac8e85d1e047cc64179b5196e 2009.1/x86_64/irssi-perl-0.8.12-4.1mdv2009.1.x86_64.rpm
fb8e4a81570e8af0b02db392c324849e 2009.1/SRPMS/irssi-0.8.12-4.1mdv2009.1.src.rpm
Corporate 3.0:
2e896fd5f40335522487871773aeb079 corporate/3.0/i586/irssi-0.8.9-2.1.C30mdk.i586.rpm
998b302c79e9e42564588c5a2cde0d92 corporate/3.0/i586/irssi-devel-0.8.9-2.1.C30mdk.i586.rpm
a36c0604ae531ba14108008d346d9b28 corporate/3.0/SRPMS/irssi-0.8.9-2.1.C30mdk.src.rpm
Corporate 3.0/X86_64:
bcdeed0d1a345aad7e1ddeacae5dac92 corporate/3.0/x86_64/irssi-0.8.9-2.1.C30mdk.x86_64.rpm
eb21881f04f1308567cdfb355266c8b4 corporate/3.0/x86_64/irssi-devel-0.8.9-2.1.C30mdk.x86_64.rpm
a36c0604ae531ba14108008d346d9b28 corporate/3.0/SRPMS/irssi-0.8.9-2.1.C30mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFKN3m2mqjQ0CJFipgRAsTdAJwPbdOswHmhm5mUn/htoCG0GPOyrwCgr9pu
VHVWemrVNgtvzoBT/KZCOBg=
=DMv8
-----END PGP SIGNATURE-----