Nom du paquet
silc-toolkit
Date
2009-09-15
Advisory ID
MDVSA-2009:235
Affected versions
2009.1 i586 , 2009.1 x86_64

Problem description

Multiple vulnerabilities was discovered and corrected in silc-toolkit:

Multiple format string vulnerabilities in lib/silcclient/client_entry.c
in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and
SILC Client before 1.1.8, allow remote attackers to execute arbitrary
code via format string specifiers in a nickname field, related to the
(1) silc_client_add_client, (2) silc_client_update_client, and (3)
silc_client_nickname_format functions (CVE-2009-3051).

Multiple format string vulnerabilities in lib/silcclient/command.c
in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10,
and SILC Client 1.1.8 and earlier, allow remote attackers to execute
arbitrary code via format string specifiers in a channel name, related
to (1) silc_client_command_topic, (2) silc_client_command_kick,
(3) silc_client_command_leave, and (4) silc_client_command_users
(CVE-2009-3163).

This update provides a solution to these vulnerabilities.

Updated packages

2009.1 i586

 963ef781398e914559c75514220c875d  2009.1/i586/libsilc1.1_2-1.1.9-1.1mdv2009.1.i586.rpm
 18bb9a7ad80a3ea48e0456163b46e94e  2009.1/i586/libsilcclient1.1_3-1.1.9-1.1mdv2009.1.i586.rpm
 816a0b7d2fceed7bac2af77d7a2cba09  2009.1/i586/silc-toolkit-1.1.9-1.1mdv2009.1.i586.rpm
 7c712d1cf8aa7a588cf99a86b2ae886d  2009.1/i586/silc-toolkit-devel-1.1.9-1.1mdv2009.1.i586.rpm 
 55583cad550b01bbcd64fe6d2055e32c  2009.1/SRPMS/silc-toolkit-1.1.9-1.1mdv2009.1.src.rpm

2009.1 x86_64

 9fd16b8e6d20347ec944a652c78f3e93  2009.1/x86_64/lib64silc1.1_2-1.1.9-1.1mdv2009.1.x86_64.rpm
 00aab2d7e5776d8ab6dfdf629249331e  2009.1/x86_64/lib64silcclient1.1_3-1.1.9-1.1mdv2009.1.x86_64.rpm
 188699f87467e9b41d0acb74b6e3fe8c  2009.1/x86_64/silc-toolkit-1.1.9-1.1mdv2009.1.x86_64.rpm
 c10e9b7b1e405f26c91e2b7b20c29985  2009.1/x86_64/silc-toolkit-devel-1.1.9-1.1mdv2009.1.x86_64.rpm 
 55583cad550b01bbcd64fe6d2055e32c  2009.1/SRPMS/silc-toolkit-1.1.9-1.1mdv2009.1.src.rpm

References