=========================================================== Ubuntu Security Notice USN-800-1 July 13, 2009 irssi vulnerability CVE-2009-1959 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: irssi 0.8.10-1ubuntu1.1 Ubuntu 8.04 LTS: irssi 0.8.12-3ubuntu3.1 Ubuntu 8.10: irssi 0.8.12-4ubuntu2.1 Ubuntu 9.04: irssi 0.8.12-6ubuntu1.1 After a standard system upgrade you need to restart irssi to effect the necessary changes. Details follow: It was discovered that irssi did not properly check the length of strings when processing WALLOPS messages. If a user connected to an IRC network where an attacker had IRC operator privileges, a remote attacker could cause a denial of service. Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1.diff.gz Size/MD5: 153485 c76b50ee0214ffeade913d27388ccb39 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1.dsc Size/MD5: 731 7c627e770089ad47e51cdccaebdfd3ce http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10.orig.tar.gz Size/MD5: 1322825 ed29412e86e1d5fbb71d24ae02edd462 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.10-1ubuntu1.1_amd64.deb Size/MD5: 253350 b7988fa042ae96a6a3527f9b3c9053b7 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-text_0.8.10-1ubuntu1.1_amd64.deb Size/MD5: 205360 233dc6d41a8a0a204d1e8555e992447a http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1_amd64.deb Size/MD5: 1120732 43a93b55e0969cb85a7eb25381e5e0ab i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.10-1ubuntu1.1_i386.deb Size/MD5: 253356 8bfca7ccf237bedc1543a7cc172ff373 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-text_0.8.10-1ubuntu1.1_i386.deb Size/MD5: 205364 639b2df9bf00261a7ed0eff854c45d45 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1_i386.deb Size/MD5: 1013086 dbec700906ebd5cef1b3b5f1860af161 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.10-1ubuntu1.1_powerpc.deb Size/MD5: 253372 5361bc09986c96efafce34a0c8eb1388 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-text_0.8.10-1ubuntu1.1_powerpc.deb Size/MD5: 205364 b48e92135c6ddd6fb6e22feb9c9c72e1 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1_powerpc.deb Size/MD5: 1102212 dc4eb9eb69ea479cb8fbdcec5fe653df sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.10-1ubuntu1.1_sparc.deb Size/MD5: 253370 6f8fd56bc8b7803cc91adc6a84ace106 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-text_0.8.10-1ubuntu1.1_sparc.deb Size/MD5: 205360 30870fc30a164eed42aac19bf2b7a3d1 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.10-1ubuntu1.1_sparc.deb Size/MD5: 1055578 7e1309cf46f06c455d396191b6b91ee7 Updated packages for Ubuntu 8.04 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1.diff.gz Size/MD5: 24071 b83bb3674fa5d16307d7ecf9d0b0dc6c http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1.dsc Size/MD5: 996 c11231841b15900ded6608d12bb2fbe4 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_amd64.deb Size/MD5: 271182 ac47cd0d048efa348e671c2849c60d86 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_amd64.deb Size/MD5: 1159272 aa2826354fe258af8bda4fd051541b61 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_i386.deb Size/MD5: 271184 6ea6b8816efdabffb8217d80d68d72cb http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_i386.deb Size/MD5: 1076156 0c5c50ee8c9b7e89b7bacd32fc56a5e4 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_lpia.deb Size/MD5: 271178 b2d419141aac13937b8e8c27bf0f0fd7 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_lpia.deb Size/MD5: 1070272 25bb78d0757722146f1e00cf4aa3a1f7 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_powerpc.deb Size/MD5: 271200 2aeb20fb432f4d3aa5d8b5e37fb770dc http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_powerpc.deb Size/MD5: 1164908 5a5502d281326f1fbbf1770fd0ff2450 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-3ubuntu3.1_sparc.deb Size/MD5: 271194 f2b95ea9a40aeaa5b0d891fe8669281d http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-3ubuntu3.1_sparc.deb Size/MD5: 1099954 24ba8949b7d1887d8e14e6a122b0308b Updated packages for Ubuntu 8.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1.diff.gz Size/MD5: 18831 a26887cf62709a33d50b7452b94b0d66 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1.dsc Size/MD5: 1390 380dd166817d6636da8068b7d117957f http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_amd64.deb Size/MD5: 272202 f1ad1b74c3d10788fdf1f213c99b67fc http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_amd64.deb Size/MD5: 1164742 7433268f4731e2a7b88acec697df5e27 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_i386.deb Size/MD5: 272214 7187b234b7eab2cd81038d3015b194c0 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_i386.deb Size/MD5: 1081934 e10b000070c7aa5c8b201ce349259b15 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_lpia.deb Size/MD5: 272182 4867d2069ee6df1cec187acee6320cbc http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_lpia.deb Size/MD5: 1072888 508142c2792655d77e92d0e7e48db726 powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_powerpc.deb Size/MD5: 272214 2999207cc554976f7c2e01f4fc6efd2b http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_powerpc.deb Size/MD5: 1162928 37aca332581976e13afc95f809680839 sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-4ubuntu2.1_sparc.deb Size/MD5: 272220 02ef75b4c5eba33d9e7f9cbbe19303f4 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-4ubuntu2.1_sparc.deb Size/MD5: 1095538 757143852d8c4c7849a253434629229f Updated packages for Ubuntu 9.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1.diff.gz Size/MD5: 20812 eb6aa3d63c1de2418610c745a8c6b6ac http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1.dsc Size/MD5: 1390 584470415039a47f1f57d303cff414fa http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12.orig.tar.gz Size/MD5: 1335967 ddf717a430e1c13a272f528c4f529430 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_amd64.deb Size/MD5: 272604 336644ea219e446ce2c700e456d84949 http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_amd64.deb Size/MD5: 1165418 5814ebb9e1abd39e89ddd9cd288ede11 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_i386.deb Size/MD5: 272594 80232d032a5edd99ae19aaf68a188c4d http://security.ubuntu.com/ubuntu/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_i386.deb Size/MD5: 1082748 dec0bdac2d1e3a0f62b707403bf2a311 lpia architecture (Low Power Intel Architecture): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_lpia.deb Size/MD5: 272588 b0f1fffb8f42dab0ed8a5c4912e7e1f3 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_lpia.deb Size/MD5: 1073846 e9ea02aebbe847efd09a44467102f2ee powerpc architecture (Apple Macintosh G3/G4/G5): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_powerpc.deb Size/MD5: 272624 ccbc3a7bf2ffe5f4add29fa255435b92 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_powerpc.deb Size/MD5: 1163624 0dc63456374de3e55d09f040c685dace sparc architecture (Sun SPARC/UltraSPARC): http://ports.ubuntu.com/pool/main/i/irssi/irssi-dev_0.8.12-6ubuntu1.1_sparc.deb Size/MD5: 272610 77de61952372522c3d131e11fa4570f2 http://ports.ubuntu.com/pool/main/i/irssi/irssi_0.8.12-6ubuntu1.1_sparc.deb Size/MD5: 1095928 4b2b8206560970d01b40a197e88d73cb
Attachment:
signature.asc
Description: Digital signature