===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.3258
                          weechat security update
                              1 October 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           weechat
Publisher:         Debian
Operating System:  Debian GNU/Linux
Impact/Access:     Denial of Service -- Remote/Unauthenticated
                   Reduced Security  -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-40516 CVE-2020-9760 CVE-2020-9759
                   CVE-2020-8955

Reference:         ESB-2020.1056

Original Bulletin:
   http://www.debian.org/lts/security/2021/dla-2770

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2770-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                          Adrian Bunk
September 30, 2021                            https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : weechat
Version        : 1.6-1+deb9u3
CVE ID         : CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 CVE-2021-40516
Debian Bug     : 951289 993803

Several vulnerabilities were fixed in the chat client WeeChat.

CVE-2020-8955

    A crafted irc message 324 (channel mode) could result in a crash.

CVE-2020-9759

    A crafted irc message 352 (who) could result in a crash.

CVE-2020-9760

    A crafted irc message 005 (setting a new mode for a nick)
    could result in a crash.

CVE-2021-40516

    A crafted WebSocket frame could result in a crash in the Relay plugin.

For Debian 9 stretch, these problems have been fixed in version
1.6-1+deb9u3.

We recommend that you upgrade your weechat packages.

For the detailed security status of weechat please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/weechat

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================