Bug 490709 - (CVE-2009-0661) CVE-2009-0661 WeeChat: DoS (crash) when receiving special characters in IRC messages
Status: CLOSED CURRENTRELEASE
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
http://weechat.flashtux.org/download.php
reported=20090316,public=20090314,imp...
Keywords: Security
Reported: 2009-03-17 13:57 EDT by Jan Lieskovsky
Modified: 2010-05-31 10:15 EDT
Doc Type: Bug Fix
Last Closed: 2010-05-31 10:15:44 EDT
Description Jan Lieskovsky 2009-03-17 13:57:30 EDT
A denial of service flaw was found in the WeeChat IRC client. A remote attacker
could use this flaw to cause the WeeChat client to crash, via special
characters sent in an IRC message.

References:
http://weechat.flashtux.org/download.php
https://savannah.nongnu.org/bugs/index.php?25862

Solution:
Please upgrade to latest upstream release 0.2.6.1.
Comment 1 Jan Lieskovsky 2009-03-19 06:28:08 EDT
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-0661 to
the following vulnerability:

Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote
attackers to cause a denial of service (crash) via a crafted IRC
message that contains unspecified "special chars."

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0661
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=519940
http://savannah.nongnu.org/bugs/index.php?25862
http://weechat.flashtux.org/
http://www.securityfocus.com/bid/34148
http://secunia.com/advisories/34304
Comment 4 Paul P Komkoff Jr 2009-03-19 11:40:07 EDT
I am about to push the update
Comment 5 Fedora Update System 2009-03-19 11:49:03 EDT
weechat-0.2.6.1-1.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/weechat-0.2.6.1-1.fc9
Comment 6 Fedora Update System 2009-03-19 11:49:08 EDT
weechat-0.2.6.1-1.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/weechat-0.2.6.1-1.fc10
Comment 7 Fedora Update System 2009-03-20 14:33:11 EDT
weechat-0.2.6.1-1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2009-03-20 14:35:30 EDT
weechat-0.2.6.1-1.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
