Debian DLA-1289-1 : irssi security update

high Nessus Plugin ID 106954

Synopsis

The remote Debian host is missing a security update.

Description

It was discovered that there where a number of vulnerabilities in irssi, the terminal based IRC client :

- CVE-2018-7050: NULL pointer dereference for an 'empty' nick.

- CVE-2018-7051: Certain nick names could result in out-of-bounds access when printing theme strings.

- CVE-2018-7052: When the number of windows exceeds the available space, a crash could occur due to another NULL pointer dereference.

For Debian 7 'Wheezy', these issues have been fixed in irssi version 0.8.15-5+deb7u5.

We recommend that you upgrade your irssi packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected irssi, and irssi-dev packages.

See Also

https://lists.debian.org/debian-lts-announce/2018/02/msg00024.html

https://packages.debian.org/source/wheezy/irssi

Plugin Details

Severity: High

ID: 106954

File Name: debian_DLA-1289.nasl

Version: 3.3

Type: local

Agent: unix

Published: 2/23/2018

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:irssi, p-cpe:/a:debian:debian_linux:irssi-dev, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Patch Publication Date: 2/22/2018