irssi-0.8.20-3.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10455-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z irssi-0.8.20-3.1 on GA media These are all security issues fixed in the irssi-0.8.20-3.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10455 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2009-1959/ SUSE CVE CVE-2009-1959 page https://www.suse.com/security/cve/CVE-2010-1154/ SUSE CVE CVE-2010-1154 page https://www.suse.com/security/cve/CVE-2010-1155/ SUSE CVE CVE-2010-1155 page https://www.suse.com/security/cve/CVE-2016-7044/ SUSE CVE CVE-2016-7044 page https://www.suse.com/security/cve/CVE-2016-7045/ SUSE CVE CVE-2016-7045 page https://www.suse.com/security/cve/CVE-2016-7553/ SUSE CVE CVE-2016-7553 page openSUSE Tumbleweed irssi-0.8.20-3.1 irssi-devel-0.8.20-3.1 irssi-0.8.20-3.1 as a component of openSUSE Tumbleweed irssi-devel-0.8.20-3.1 as a component of openSUSE Tumbleweed Off-by-one error in the event_wallops function in fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers to cause a denial of service (crash) via an empty command, which triggers a one-byte buffer under-read and a one-byte buffer underflow. CVE-2009-1959 openSUSE Tumbleweed:irssi-0.8.20-3.1 openSUSE Tumbleweed:irssi-devel-0.8.20-3.1 moderate 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2009-1959.html CVE-2009-1959 https://bugzilla.suse.com/510837 SUSE Bug 510837 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2010. Notes: none. CVE-2010-1154 openSUSE Tumbleweed:irssi-0.8.20-3.1 openSUSE Tumbleweed:irssi-devel-0.8.20-3.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1154.html CVE-2010-1154 https://bugzilla.suse.com/596005 SUSE Bug 596005 Irssi before 0.8.15, when SSL is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) field or a Subject Alternative Name field of the X.509 certificate, which allows man-in-the-middle attackers to spoof IRC servers via an arbitrary certificate. CVE-2010-1155 openSUSE Tumbleweed:irssi-0.8.20-3.1 openSUSE Tumbleweed:irssi-devel-0.8.20-3.1 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2010-1155.html CVE-2010-1155 https://bugzilla.suse.com/596005 SUSE Bug 596005 The unformat_24bit_color function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service (heap corruption and crash) via an incomplete 24bit color code. CVE-2016-7044 openSUSE Tumbleweed:irssi-0.8.20-3.1 openSUSE Tumbleweed:irssi-devel-0.8.20-3.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7044.html CVE-2016-7044 https://bugzilla.suse.com/999199 SUSE Bug 999199 The format_send_to_gui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service (heap corruption and crash) via vectors involving the length of a string. CVE-2016-7045 openSUSE Tumbleweed:irssi-0.8.20-3.1 openSUSE Tumbleweed:irssi-devel-0.8.20-3.1 important 5 AV:N/AC:L/Au:N/C:N/I:N/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7045.html CVE-2016-7045 https://bugzilla.suse.com/999199 SUSE Bug 999199 The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak permissions for the scrollbuffer dump file created between upgrades, which might allow local users to obtain sensitive information from private chat conversations by reading the file. CVE-2016-7553 openSUSE Tumbleweed:irssi-0.8.20-3.1 openSUSE Tumbleweed:irssi-devel-0.8.20-3.1 low 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-7553.html CVE-2016-7553 https://bugzilla.suse.com/1001215 SUSE Bug 1001215