New irssi packages are available for Slackware 14.0, 14.1, 14.2, and
-current to fix a security issue.

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-1616 advisory.

  - Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free     when sending SASL login to the server. (CVE-2019-13045)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2020:1616 advisory.

  - Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free     when sending SASL login to the server. (CVE-2019-13045)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It was discovered that Irssi incorrectly handled certain disconnections. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. This issue only affected Ubuntu 18.04 LTS. (CVE-2018-7054)

It was discovered that Irssi incorrectly handled certain requests. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. (CVE-2019-13045).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote CentOS Linux 8 host has packages installed that are affected by a vulnerability as referenced in the CESA-2020:1616 advisory.

  - irssi: use after free when sending SASL login to server (CVE-2019-13045)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1616 advisory.

  - irssi: use after free when sending SASL login to server (CVE-2019-13045)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for irssi fixes the following issues :

irssi was updated to 1.1.3 :

  - CVE-2019-13045: Fix a use after free issue when sending     the SASL login on (automatic and manual) reconnects     (#1055, #1058) (boo#1139802)

  - Fix regression of #779 where autolog_ignore_targets     would not matching itemless windows anymore (#1012,     #1013)

According to the version of the irssi package installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x     before 1.2.1, when SASL is enabled, has a use after     free when sending SASL login to the     server.(CVE-2019-13045)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:1616 advisory.

  - Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free     when sending SASL login to the server. (CVE-2019-13045)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3025 advisory.

  - Irssi before 1.0.8, 1.1.x before 1.1.3, and 1.2.x before 1.2.1, when SASL is enabled, has a use after free     when sending SASL login to the server. (CVE-2019-13045)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Irssi reports :

Use after free when sending SASL login to the server found by ilbelkyr. (CWE-416, CWE-825)

ID	Name	Product	Family	Published	Updated	Severity
126367	Slackware 14.0 / 14.1 / 14.2 / current : irssi (SSA:2019-180-01)	Nessus	Slackware Local Security Checks	7/1/2019	1/8/2020	high
180940	Oracle Linux 8 : irssi (ELSA-2020-1616)	Nessus	Oracle Linux Local Security Checks	9/7/2023	9/7/2023	high
157501	AlmaLinux 8 : irssi (ALSA-2020:1616)	Nessus	Alma Linux Local Security Checks	2/9/2022	2/14/2022	high
126504	Ubuntu 16.04 LTS / 18.04 LTS : Irssi vulnerabilities (USN-4046-1)	Nessus	Ubuntu Local Security Checks	7/5/2019	10/21/2023	critical
146034	CentOS 8 : irssi (CESA-2020:1616)	Nessus	CentOS Local Security Checks	2/1/2021	3/23/2021	high
143037	RHEL 8 : irssi (RHSA-2020:1616)	Nessus	Red Hat Local Security Checks	11/18/2020	5/25/2023	high
126491	openSUSE Security Update : irssi (openSUSE-2019-1690)	Nessus	SuSE Local Security Checks	7/5/2019	9/23/2020	high
139960	EulerOS 2.0 SP8 : irssi (EulerOS-SA-2020-1857)	Nessus	Huawei Local Security Checks	8/28/2020	2/23/2024	high
184555	Rocky Linux 8 : irssi (RLSA-2020:1616)	Nessus	Rocky Linux Local Security Checks	11/6/2023	11/6/2023	high
161618	Debian DLA-3025-1 : irssi - LTS security update	Nessus	Debian Local Security Checks	5/27/2022	5/27/2022	high
126413	FreeBSD : irssi -- Use after free when sending SASL login to the server (475f952c-9b29-11e9-a8a5-6805ca0b38e8)	Nessus	FreeBSD Local Security Checks	7/2/2019	1/8/2020	high

Detections

Analytics

Plugins Search

high

high

high

critical

high

high

high

high

high

high

high