Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.1519
irssi security update
30 April 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: irssi
Publisher: Red Hat
Operating System: Red Hat Enterprise Linux Server 8
Red Hat Enterprise Linux WS/Desktop 8
Impact/Access: Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2019-13045
Reference: ESB-2019.2470
Original Bulletin:
https://access.redhat.com/errata/RHSA-2020:1616
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
=====================================================================
Red Hat Security Advisory
Synopsis: Low: irssi security update
Advisory ID: RHSA-2020:1616-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2020:1616
Issue date: 2020-04-28
CVE Names: CVE-2019-13045
=====================================================================
1. Summary:
An update for irssi is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact
of Low. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat CodeReady Linux Builder (v. 8) - aarch64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64
3. Description:
Irssi is a modular IRC client with Perl scripting.
Security Fix(es):
* irssi: use after free when sending SASL login to server (CVE-2019-13045)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat
Enterprise Linux 8.2 Release Notes linked from the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
5. Bugs fixed (https://bugzilla.redhat.com/):
1727683 - CVE-2019-13045 irssi: use after free when sending SASL login to server
6. Package List:
Red Hat Enterprise Linux AppStream (v. 8):
Source:
irssi-1.1.1-3.el8.src.rpm
aarch64:
irssi-1.1.1-3.el8.aarch64.rpm
irssi-debuginfo-1.1.1-3.el8.aarch64.rpm
irssi-debugsource-1.1.1-3.el8.aarch64.rpm
ppc64le:
irssi-1.1.1-3.el8.ppc64le.rpm
irssi-debuginfo-1.1.1-3.el8.ppc64le.rpm
irssi-debugsource-1.1.1-3.el8.ppc64le.rpm
s390x:
irssi-1.1.1-3.el8.s390x.rpm
irssi-debuginfo-1.1.1-3.el8.s390x.rpm
irssi-debugsource-1.1.1-3.el8.s390x.rpm
x86_64:
irssi-1.1.1-3.el8.x86_64.rpm
irssi-debuginfo-1.1.1-3.el8.x86_64.rpm
irssi-debugsource-1.1.1-3.el8.x86_64.rpm
Red Hat CodeReady Linux Builder (v. 8):
aarch64:
irssi-debuginfo-1.1.1-3.el8.aarch64.rpm
irssi-debugsource-1.1.1-3.el8.aarch64.rpm
irssi-devel-1.1.1-3.el8.aarch64.rpm
ppc64le:
irssi-debuginfo-1.1.1-3.el8.ppc64le.rpm
irssi-debugsource-1.1.1-3.el8.ppc64le.rpm
irssi-devel-1.1.1-3.el8.ppc64le.rpm
s390x:
irssi-debuginfo-1.1.1-3.el8.s390x.rpm
irssi-debugsource-1.1.1-3.el8.s390x.rpm
irssi-devel-1.1.1-3.el8.s390x.rpm
x86_64:
irssi-debuginfo-1.1.1-3.el8.i686.rpm
irssi-debuginfo-1.1.1-3.el8.x86_64.rpm
irssi-debugsource-1.1.1-3.el8.i686.rpm
irssi-debugsource-1.1.1-3.el8.x86_64.rpm
irssi-devel-1.1.1-3.el8.i686.rpm
irssi-devel-1.1.1-3.el8.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-13045
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.2_release_notes/index
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2020 Red Hat, Inc.
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBXqhVYtzjgjWX9erEAQgJHQ//UPBjusvsnrrO7OsN7J0NtXl3DLGfgKXL
vO1DeSk3wp7GUeM562vwgR/qkkKjIPrgYKulZsQUKfeAgQOmdzgo2rmdoqlGl87/
i3b7UBAdoL1SKEDIPqpDTtfzRWMSgx5fH6xwonqSU+s/q8SFguW3HZuZId+JimoT
lW1Knhlk0ETHw0a2KzDplC4AFmOTe2D7i1LYo6x+xsV+GFnC5Nk7/C4cWg6NE+lB
oShaADbZpyDwgO6UwIhb4D/d0TYN5f9MGB21k4Id49S7WUJMh9MJXZJO25j0Bd9b
56b49lpYwOZPmmh9vSzWC1x14Xw0OpC6Xvpe3/NnpnHbnhJ3b9pAEV8+hs+/4iPS
Dh4M8tCFj3ReNtEtN6WZ7A0cICCNEm/0a+FxddQybfeDMA2pujL1AF6qQtYgQVvf
j8zcX9FUYZlE+ltcnmrLLnU4bJ3ZxcZIMmF7yC19cHp/pxrD9asjqaGR2L9+1N27
Lm08BiNba6wy5QZeH77+rdwoixn4xBjGSY/qKFvxUApCmutpzN7n1cYu9idyNWwT
P+jIt8/aRf9cB6j7rPtNdpgHb7emfoja+fiJ/OqFxnI7ExRjqZohQdkIpuq0vqyi
IPtLNGcpm3vVgWsaVdYP/vezQ+LqaLtKriP2D2kK0HbdrmnhI9AuZatv86n/dsNe
OVy4PUqWjsM=
=SUVQ
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXqofyWaOgq3Tt24GAQjuNBAA1YfNjWHtPhS7D5nsdmEmLvAHHPJ4lsXo
5r+OydAoaxLLg35VMWvk+vjkNYtr0XyHiCao3ZO8bdNQZvFW4a5TU47qVmBjH5KZ
FsOQbU3ZOnodwImMvD33p9NEMWS+35qGVAT89cHz5wyM3K9rDd/BFuXBtPe8xs06
Vryd67NWMWuDSWx0go7tKm+WY97elh7MRNVgMFNE1/Cwa2KYVg6SbktCNMoliqRH
TrHTbbm67h2FCdzQoRV8Tp4Dugyv4d96r7lpADvdxYon5fhym+0nMUHJxOZvO4QU
IhhOTaEBIrKlOcIXGulBrRvUZEr46b8innPo7zEbh0eQsAC7qKE3b0fk06UbFcfB
HWv6XW/EwGiFly+8zHJ3rtdH7/OYrZbYwAHn3ccwGiC5jb7agawSSIeQGMy7obRr
shQJpC3aBAUnrv+nOgzeCD+KWtwm/h0Xl4sfGGhhO2VtcfZ9Z2QnAIbPFGNivu6h
CLRo0cX+SLwZRT5RnZsOywj7mHME44dMWYUN6nalACUVchsyQDfsxXJtH6g4xc0U
HcFXZG9gcFCVBF8VGiX3zsKyTiNnb1v6vwPElYV4OxomvNww7x9wItRMzodnaArU
9NbwzJiGJffx25QSRAhdLdUdt6MFStNZa4Nsm2Z7ZSRsIApICHYNGavjnCgGdFzD
RYRVMb65g+w=
=Q1Zh
-----END PGP SIGNATURE-----