Ubuntu Update For Irssi Vulnerabilities USN-929-1 Network Vulnerability

Summary

Ubuntu Update for Linux kernel vulnerabilities USN-929-1

Solution

Please Install the Updated Packages.

Insight

It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2010-1155) Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. (CVE-2010-1156) This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol.

Affected

irssi vulnerabilities on Ubuntu 8.04 LTS , Ubuntu 8.10 , Ubuntu 9.04 , Ubuntu 9.10

Severity

Classification

CVE CVE-2010-1155, CVE-2010-1156
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Ubuntu Update for apt USN-1762-1
Ubuntu Update for bluez-utils vulnerability USN-413-1
Ubuntu Update for bind9 USN-1139-1
Ubuntu Update for backuppc USN-1249-1
Ubuntu Update for awstats vulnerability USN-686-1

Ubuntu Update for irssi vulnerabilities USN-929-1

Take action and discover your vulnerabilities