===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3258
                          weechat security update
                              1 October 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           weechat
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Remote/Unauthenticated
                   Reduced Security  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-40516 CVE-2020-9760 CVE-2020-9759
                   CVE-2020-8955  

Reference:         ESB-2020.1056

Original Bulletin: 
   http://www.debian.org/lts/security/2021/dla-2770

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2770-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 30, 2021                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : weechat
Version        : 1.6-1+deb9u3
CVE ID         : CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516
Debian Bug     : 951289 993803

Several vulnerabilities were fixed in the chat client WeeChat.

CVE-2020-8955

    A crafted IRC message 324 (channel mode) could result in a crash.

CVE-2020-9759

    A crafted IRC message 352 (who) could result in a crash.

CVE-2020-9760

    A crafted IRC message 005 (setting a new mode for a nick) could
    result in a crash.

CVE-2021-40516

    A crafted WebSocket frame could result in a crash in the Relay plugin.

For Debian 9 stretch, these problems have been fixed in version
1.6-1+deb9u3.

We recommend that you upgrade your weechat packages.

For the detailed security status of weechat please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/weechat

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================