USN-929-1 -- irssi vulnerabilitiesID: oval:org.secpod.oval:def:700086 | Date: (C)2011-01-28 (M)2021-06-02 |
Class: PATCH | Family: unix |
It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol.
Platform: |
Ubuntu 8.04 |
Ubuntu 8.10 |
Ubuntu 9.10 |
Ubuntu 9.04 |