Summary
Ubuntu Update for Linux kernel vulnerabilities USN-929-2
Solution
Please install the updated packages.
Insight
USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a regression when using irssi with SSL and an IRC proxy. This update fixes the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man-in-the-middle attack to view sensitive information or alter encrypted communications. (CVE-2010-1155)
Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. (CVE-2010-1156)
This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol.
Affected
irssi regression on Ubuntu 8.04 LTS, Ubuntu 8.10, Ubuntu 9.04, Ubuntu 9.10
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2010-1155, CVE-2010-1156
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P