GLSA-201405-03 : WeeChat: Multiple vulnerabilities
High Nessus Plugin ID 73859
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-201405-03 (WeeChat: Multiple vulnerabilities)
Two vulnerabilities have been discovered in WeeChat:
The hook_process() function does not properly handle shell expansions (CVE-2012-5534).
WeeChat does not properly decode colors which could cause a heap-based buffer overflow (CVE-2012-5854).
A remote attacker could entice a user to open a specially crafted script or send messages with specially crafted colors, possibly resulting in execution of arbitrary code with the privileges of the process, or a Denial of Service condition.
There is no known workaround at this time.
Solution
All WeeChat users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=net-irc/weechat-0.3.9.2'