ASA-202002-12 log original external raw

[ASA-202002-12] weechat: multiple issues
Arch Linux Security Advisory ASA-202002-12 ========================================== Severity: Critical Date : 2020-02-25 CVE-ID : CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 Package : weechat Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1103 Summary ======= The package weechat before version 2.7.1-1 is vulnerable to multiple issues including arbitrary code execution and denial of service. Resolution ========== Upgrade to 2.7.1-1. # pacman -Syu "weechat>=2.7.1-1" The problems have been fixed upstream in version 2.7.1. Workaround ========== None. Description =========== - CVE-2020-8955 (arbitrary code execution) A heap-based out-of-bounds write has been found in the IRC plugin of Weechat before 2.7.1, in irc-mode.c, when receiving a malformed IRC message 324 (channel mode). - CVE-2020-9759 (denial of service) A heap-based out-of-bounds read has been found in Weechat before 2.7.1, when receiving a malformed IRC message 352 (WHO). It could lead to a off-by-one read resulting in denial of service (crash). - CVE-2020-9760 (arbitrary code execution) A heap-based out-of-bounds write has been found in Weechat before 2.7.1, when a new IRC message 005 is received with longer nick prefixes. It could lead to writing out of the allocated prefixes array when setting a prefix, resulting in denial of service (crash) or even arbitrary code execution. Impact ====== A remote attacker can crash the client and execute code remotely via a malformed message. References ========== https://weechat.org/news/113/20200220-Version-2.7.1-security-release/ https://github.com/weechat/weechat/commit/51a739df615f8ec66fbe1e9682ec3c3218254ad7 https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d https://security.archlinux.org/CVE-2020-8955 https://security.archlinux.org/CVE-2020-9759 https://security.archlinux.org/CVE-2020-9760

[ASA-202002-12] weechat: multiple issues

Arch Linux Security Advisory ASA-202002-12 ========================================== Severity: Critical Date : 2020-02-25 CVE-ID : CVE-2020-8955 CVE-2020-9759 CVE-2020-9760 Package : weechat Type : multiple issues Remote : Yes Link : https://security.archlinux.org/AVG-1103 Summary ======= The package weechat before version 2.7.1-1 is vulnerable to multiple issues including arbitrary code execution and denial of service. Resolution ========== Upgrade to 2.7.1-1. # pacman -Syu "weechat>=2.7.1-1" The problems have been fixed upstream in version 2.7.1. Workaround ========== None. Description =========== - CVE-2020-8955 (arbitrary code execution) A heap-based out-of-bounds write has been found in the IRC plugin of Weechat before 2.7.1, in irc-mode.c, when receiving a malformed IRC message 324 (channel mode). - CVE-2020-9759 (denial of service) A heap-based out-of-bounds read has been found in Weechat before 2.7.1, when receiving a malformed IRC message 352 (WHO). It could lead to a off-by-one read resulting in denial of service (crash). - CVE-2020-9760 (arbitrary code execution) A heap-based out-of-bounds write has been found in Weechat before 2.7.1, when a new IRC message 005 is received with longer nick prefixes. It could lead to writing out of the allocated prefixes array when setting a prefix, resulting in denial of service (crash) or even arbitrary code execution. Impact ====== A remote attacker can crash the client and execute code remotely via a malformed message. References ========== https://weechat.org/news/113/20200220-Version-2.7.1-security-release/ https://github.com/weechat/weechat/commit/51a739df615f8ec66fbe1e9682ec3c3218254ad7 https://github.com/weechat/weechat/commit/c827d6fa864e2c0b79cea640c45272e83703081e https://github.com/weechat/weechat/commit/694b5c9f874d7337cd2e03761e0de435275dd64d https://security.archlinux.org/CVE-2020-8955 https://security.archlinux.org/CVE-2020-9759 https://security.archlinux.org/CVE-2020-9760