Debian DLA-1289-1 : irssi security update
High Nessus Plugin ID 106954
SynopsisThe remote Debian host is missing a security update.
DescriptionIt was discovered that there where a number of vulnerabilities in irssi, the terminal based IRC client :
- CVE-2018-7050: NULL pointer dereference for an 'empty' nick.
- CVE-2018-7051: Certain nick names could result in out-of-bounds access when printing theme strings.
- CVE-2018-7052: When the number of windows exceeds the available space, a crash could occur due to another NULL pointer dereference.
For Debian 7 'Wheezy', these issues have been fixed in irssi version 0.8.15-5+deb7u5.
We recommend that you upgrade your irssi packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpgrade the affected irssi, and irssi-dev packages.