| Summary: | irssi new security issue CVE-2023-29132 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | brtians1, marja11, nicolas.salguero, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK | ||
| Source RPM: | irssi-1.4.3-1.mga9.src.rpm | CVE: | CVE-2023-29132 |
| Status comment: | |||
|
Description
David Walser
2023-04-04 21:23:00 CEST
David Walser
2023-04-04 21:23:50 CEST
Status comment:
(none) =>
Fixed upstream in 1.4.4 Assigning to our registered Irssi maintainer CC:
(none) =>
marja11 Ubuntu has issued an advisory for this today (April 10): https://ubuntu.com/security/notices/USN-6002-1 Suggested advisory: ======================== The updated packages fix a security vulnerability: Irssi 1.3.x and 1.4.x before 1.4.4 has a use-after-free because of use of a stale special collector reference. This occurs when printing of a non-formatted line is concurrent with printing of a formatted line. (CVE-2023-29132) References: https://irssi.org/security/irssi_sa_2023_03.txt https://ubuntu.com/security/notices/USN-6002-1 ======================== Updated packages in core/updates_testing: ======================== irssi-1.4.3-1.1.mga9 irssi-devel-1.4.3-1.1.mga9 irssi-otr-1.4.3-1.1.mga9 irssi-perl-1.4.3-1.1.mga9 from SRPM: irssi-1.4.3-1.1.mga9.src.rpm Assignee:
cooker =>
qa-bugs
katnatek
2024-03-14 20:01:16 CET
Keywords:
(none) =>
advisory MGA9-64, The following 5 packages are going to be installed: - irssi-1.4.3-1.1.mga9.x86_64 - irssi-otr-1.4.3-1.1.mga9.x86_64 - irssi-perl-1.4.3-1.1.mga9.x86_64 - lib64otr5-4.1.1-5.mga9.x86_64 - lib64utf8proc2-2.8.0-1.mga9.x86_64 2.9MB of additional disk space will be used. able to join libera.chat conneced to multiple channels working as expected Whiteboard:
(none) =>
MGA9-64-OK VM Mageia 9 x86_64
Install current version,update and remove packages
LC_ALL=C urpmi irssi
To satisfy dependencies, the following packages are going to be installed:
Package Version Release Arch
(medium "Core Release")
irssi 1.4.3 1.mga9 x86_64
irssi-perl 1.4.3 1.mga9 x86_64 (recommended)
lib64utf8proc2 2.8.0 1.mga9 x86_64
2.8MB of additional disk space will be used.
872KB of packages will be retrieved.
Proceed with the installation of the 3 packages? (Y/n) y
https://mirrors.kernel.org/mageia/distrib/9/x86_64/media/core/release/irssi-perl-1.4.3-1.mga9.x86_64.rpm
https://mirrors.kernel.org/mageia/distrib/9/x86_64/media/core/release/irssi-1.4.3-1.mga9.x86_64.rpm
https://mirrors.kernel.org/mageia/distrib/9/x86_64/media/core/release/lib64utf8proc2-2.8.0-1.mga9.x86_64.rpm
installing lib64utf8proc2-2.8.0-1.mga9.x86_64.rpm irssi-perl-1.4.3-1.mga9.x86_64.rpm irssi-1.4.3-1.mga9.x86_64.rpm from /var/cache/urpmi/rpms
Preparing... ###########################################################################################
1/3: lib64utf8proc2 ###########################################################################################
2/3: irssi-perl ###########################################################################################
3/3: irssi ###########################################################################################
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (64-bit)" is up-to-date
medium "Core Release" is up-to-date
medium "Core Updates" is up-to-date
medium "Nonfree Release" is up-to-date
medium "Nonfree Updates" is up-to-date
medium "Tainted Release" is up-to-date
medium "Tainted Updates" is up-to-date
installing irssi-1.4.3-1.1.mga9.x86_64.rpm irssi-perl-1.4.3-1.1.mga9.x86_64.rpm from //home/qateam/qa-testing/x86_64
Preparing... ###########################################################################################
1/2: irssi-perl ###########################################################################################
2/2: irssi ###########################################################################################
1/2: removing irssi-1.4.3-1.mga9.x86_64
###########################################################################################
2/2: removing irssi-perl-1.4.3-1.mga9.x86_64
###########################################################################################
LC_ALL=C urpme $(rpm -qa|grep irssi)
removing irssi-1.4.3-1.1.mga9.x86_64 irssi-perl-1.4.3-1.1.mga9.x86_64
removing package irssi-perl-1.4.3-1.1.mga9.x86_64
1/2: removing irssi-perl-1.4.3-1.1.mga9.x86_64
###########################################################################################
removing package irssi-1.4.3-1.1.mga9.x86_64
2/2: removing irssi-1.4.3-1.1.mga9.x86_64
###########################################################################################
writing /var/lib/rpm/installed-through-deps.list
The following package:
lib64utf8proc2-2.8.0-1.mga9.x86_64
is now orphaned, if you wish to remove it, you can use "urpme --auto-orphans"
LC_ALL=C urpme --auto-orphans --auto
removing lib64utf8proc2-2.8.0-1.mga9.x86_64
removing package lib64utf8proc2-2.8.0-1.mga9.x86_64
1/1: removing lib64utf8proc2-2.8.0-1.mga9.x86_64
###########################################################################################
Not issues detected
katnatek
2024-03-15 03:54:32 CET
Keywords:
(none) =>
validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0063.html Resolution:
(none) =>
FIXED |