Support / Security / Advisories / Mandriva Linux 2008.0 / MDVSA-2009:133-1

Package name: irssi
Date: 2009-12-08
Advisory ID: MDVSA-2009:133-1
Affected versions: 2008.0 i586 , 2008.0 x86_64

Problem description

A vulnerability has been found and corrected in irssi:

Off-by-one error in the event_wallops function in
fe-common/irc/fe-events.c in irssi 0.8.13 allows remote IRC servers
to cause a denial of service (crash) via an empty command, which
triggers a one-byte buffer under-read and a one-byte buffer underflow
(CVE-2009-1959).

This update provides fixes for this vulnerability.

Update:

Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers

Updated packages

2008.0 i586

 fa432c6f476c577c4d47f255cbf6b55b  2008.0/i586/irssi-0.8.11-1.2mdv2008.0.i586.rpm
 2ec2fe62932c7bf27127d967c029c884  2008.0/i586/irssi-devel-0.8.11-1.2mdv2008.0.i586.rpm
 ac45297904ab1ba826ea6ac6bf9b408e  2008.0/i586/irssi-perl-0.8.11-1.2mdv2008.0.i586.rpm 
 dfb062f1611f0d4578d291fe96d7d50a  2008.0/SRPMS/irssi-0.8.11-1.2mdv2008.0.src.rpm

2008.0 x86_64

 3e0f1a77a249afe1caa91cd326f07b2e  2008.0/x86_64/irssi-0.8.11-1.2mdv2008.0.x86_64.rpm
 e2cdb891cb472be7ea089f5faa7e17cd  2008.0/x86_64/irssi-devel-0.8.11-1.2mdv2008.0.x86_64.rpm
 2e1f29792435cac9e09718c062484109  2008.0/x86_64/irssi-perl-0.8.11-1.2mdv2008.0.x86_64.rpm 
 dfb062f1611f0d4578d291fe96d7d50a  2008.0/SRPMS/irssi-0.8.11-1.2mdv2008.0.src.rpm

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1959