Ubuntu Security Notice USN-929-1 April 16, 2010
irssi vulnerabilities
CVE-2010-1155, CVE-2010-1156
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
Ubuntu 9.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  irssi 0.8.12-3ubuntu3.2

Ubuntu 8.10:
  irssi 0.8.12-4ubuntu2.2

Ubuntu 9.04:
  irssi 0.8.12-6ubuntu1.2

Ubuntu 9.10:
  irssi 0.8.14-1ubuntu1.1

After a standard system upgrade you need to restart irssi to effect the
necessary changes.

Details follow:

It was discovered that irssi did not perform certificate host validation
when using SSL connections. An attacker could exploit this to perform a man
in the middle attack to view sensitive information or alter encrypted
communications. (CVE-2010-1155)

Aurelien Delaitre discovered that irssi could be made to dereference a NULL
pointer when a user left the channel. A remote attacker could cause a
denial of service via application crash. (CVE-2010-1156)

This update also adds SSLv3 and TLSv1 support, while disabling the old,
insecure SSLv2 protocol.
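
The host validation step that CVE-2010-1155 describes as missing, sketched as an added example (this is not irssi's code or the Ubuntu patch). The function names are hypothetical, and the name list stands in for the dNSName entries an application would read from the peer certificate after the chain has been verified.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Case-insensitive match of one certificate name against the host the user
 * asked to connect to. A '*' is honoured only as the whole leftmost label
 * and stands for exactly one label (RFC 6125, section 6.4.3). */
static int name_matches(const char *pattern, const char *host)
{
    if (strncmp(pattern, "*.", 2) != 0)
        return strcasecmp(pattern, host) == 0;
    const char *suffix = pattern + 1;      /* e.g. ".chat.example.net" */
    const char *dot = strchr(host, '.');   /* end of the host's first label */
    if (dot == NULL || dot == host || strchr(suffix + 1, '.') == NULL)
        return 0;                          /* empty label, or "*.net"-style pattern */
    return strcasecmp(suffix, dot) == 0;
}

/* Returns 1 only if some name in the certificate covers `host`.
 * Without this step, any certificate that chains to a trusted CA is
 * accepted, whichever host it was issued for. */
int cert_covers_host(const char *const *names, size_t n, const char *host)
{
    for (size_t i = 0; i < n; i++)
        if (name_matches(names[i], host))
            return 1;
    return 0;
}

/* Constructed sample data: names from a certificate issued to one IRC network. */
static const char *const sample_names[] = { "irc.example.net", "*.chat.example.net" };

int sample_check(const char *host)
{
    return cert_covers_host(sample_names, 2, host);
}

int main(void)
{
    const char *hosts[] = { "irc.example.net", "eu.chat.example.net", "irc.example.org" };
    for (size_t i = 0; i < 3; i++)
        printf("%-22s %s\n", hosts[i], sample_check(hosts[i]) ? "accept" : "reject");
    return 0;
}
```
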