Ubuntu Update for Linux kernel vulnerabilities USN-929-2

Please Install the Updated Packages.

USN-929-1 fixed vulnerabilities in irssi. The upstream changes introduced a regression when using irssi with SSL and an IRC proxy. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2010-1155) Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. (CVE-2010-1156) This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol.

irssi regression on Ubuntu 8.04 LTS , Ubuntu 8.10 , Ubuntu 9.04 , Ubuntu 9.10

• https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-April/001085.html

---

Updated on 2015-03-25