Bug 19437

Summary: irssi: heap corruption and missing boundary checks (CVE-2016-7044 CVE-2016-7045)
Product: Mageia Reporter: Philippe Makowski <makowski.mageia>
Component: Security Assignee: Johnny A. Solbu <cooker>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: thierry.vignaud
Version: Cauldron   
Target Milestone: ---   
Hardware: All   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/701626/
Whiteboard:
Source RPM: irssi-0.8.19-1.mga6.src.rpm CVE:
Status comment:

Description Philippe Makowski 2016-09-22 09:18:40 CEST
Description
-----------

Gabriel Campana and Adrien Guinet from Quarkslab reported two remote
crash and heap corruption vulnerabilities in Irssi's format parsing
code.

They also provided us with proof of concept exploit code and patches
to fix those issues.


Impact
------

Remote crash and heap corruption. Remote code execution seems
difficult since only Nuls are written.


Affected versions
-----------------

Irssi 0.8.17-beta up to and including 0.8.19 up to 0.8.19-219-g52fedea

Bug 1 affects only Irssis compiled with true-color enabled.
Bug 2 affects all Irssis regardless of compilation flags.


Ref :
https://irssi.org/security/irssi_sa_2016.txt
https://irssi.org/2016/09/21/irssi-0.8.20-released/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7045
David Walser 2016-09-22 13:36:45 CEST

CC: (none) => thierry.vignaud
Assignee: bugsquad => cooker
Summary: heap corruption and missing boundary checks CVE-2016-7044 CVE-2016-7045 => irssi: heap corruption and missing boundary checks (CVE-2016-7044 CVE-2016-7045)
Source RPM: irssi-0.8.19-1.mga6.src => irssi-0.8.19-1.mga6.src.rpm

Comment 1 David Walser 2016-09-22 14:07:56 CEST
Debian has issued an advisory for this on September 21:
https://www.debian.org/security/2016/dsa-3672

The oss-security announcement of this issue has a link to an upstream patch to fix the issues at the bottom:
http://www.openwall.com/lists/oss-security/2016/09/21/11
David Walser 2016-09-23 03:23:49 CEST

URL: https://irssi.org/2016/09/21/irssi-0.8.20-released/ => http://lwn.net/Vulnerabilities/701626/

Comment 2 David Walser 2016-09-24 15:54:46 CEST
irssi-0.8.20-1.mga6 updated for Cauldron by Johnny.  Thanks!

Status: NEW => RESOLVED
Resolution: (none) => FIXED