Bug 490709 (CVE-2009-0661)

Summary: CVE-2009-0661 WeeChat: DoS (crash) when receiving special characters in IRC messages
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
Severity: medium
Priority: medium
Version: unspecified
CC: i, vdanen
Keywords: Security
Hardware: All
OS: Linux
URL: http://weechat.flashtux.org/download.php
Doc Type: Bug Fix
Last Closed: 2010-05-31 14:15:44 UTC

Description Jan Lieskovsky 2009-03-17 17:57:30 UTC
A denial of service flaw was found in the WeeChat IRC client. A remote attacker
could use this flaw to cause the WeeChat client to crash, via special
characters sent in an IRC message.

References:
http://weechat.flashtux.org/download.php
https://savannah.nongnu.org/bugs/index.php?25862

Solution:
Please upgrade to the latest upstream release 0.2.6.1.

Comment 1 Jan Lieskovsky 2009-03-19 10:28:08 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0661 to
the following vulnerability:

Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote
attackers to cause a denial of service (crash) via a crafted IRC
message that contains unspecified "special chars."

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0661
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940
http://savannah.nongnu.org/bugs/index.php?25862
http://weechat.flashtux.org/
http://www.securityfocus.com/bid/34148
http://secunia.com/advisories/34304

Comment 4 Paul P Komkoff Jr 2009-03-19 15:40:07 UTC
I am about to push the update

Comment 5 Fedora Update System 2009-03-19 15:49:03 UTC
weechat-0.2.6.1-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/weechat-0.2.6.1-1.fc9

Comment 6 Fedora Update System 2009-03-19 15:49:08 UTC
weechat-0.2.6.1-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/weechat-0.2.6.1-1.fc10

Comment 7 Fedora Update System 2009-03-20 18:33:11 UTC
weechat-0.2.6.1-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2009-03-20 18:35:30 UTC
weechat-0.2.6.1-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.