OVAL Reference oval:org.mitre.oval:def:13254

Oval Definition:

oval:org.mitre.oval:def:13254

Revision Date:	2014-06-30	Version:	20
Title:	USN-929-2 -- irssi regression
Description:	USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a regression when using irssi with SSL and an IRC proxy. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol.
Family:	unix	Class:	patch
Status:	ACCEPTED	Reference(s):	CVE-2010-1155 CVE-2010-1156 USN-929-2 USN-929-2
Platform(s):	Ubuntu 8.04 Ubuntu 8.10 Ubuntu 9.04 Ubuntu 9.10	Product(s):	irssi
Definition Synopsis
Release section Ubuntu 8.04 is installed AND Supported architectures section Installed architecture is sparc OR Installed architecture is i386 OR Installed architecture is amd64 OR Installed architecture is lpia OR Installed architecture is powerpc AND Packages section irssi-dev DPKG is earlier than 0.8.12-3ubuntu3.3 OR irssi DPKG is earlier than 0.8.12-3ubuntu3.3 OR Release section Ubuntu 8.10 is installed AND Supported architectures section Installed architecture is sparc OR Installed architecture is i386 OR Installed architecture is amd64 OR Installed architecture is lpia OR Installed architecture is powerpc AND Packages section irssi-dev DPKG is earlier than 0.8.12-4ubuntu2.3 OR irssi DPKG is earlier than 0.8.12-4ubuntu2.3 OR Release section Ubuntu 9.10 is installed AND Supported architectures section Installed architecture is sparc OR Installed architecture is i386 OR Installed architecture is amd64 OR Installed architecture is lpia OR Installed architecture is powerpc AND Packages section irssi-dev DPKG is earlier than 0.8.14-1ubuntu1.2 OR irssi DPKG is earlier than 0.8.14-1ubuntu1.2 OR Release section Ubuntu 9.04 is installed AND Supported architectures section Installed architecture is sparc OR Installed architecture is i386 OR Installed architecture is amd64 OR Installed architecture is lpia OR Installed architecture is powerpc AND Packages section irssi-dev DPKG is earlier than 0.8.12-6ubuntu1.3 OR irssi DPKG is earlier than 0.8.12-6ubuntu1.3

BACK