Summary
Ubuntu Update for Linux kernel vulnerabilities USN-929-1
Solution
Please Install the Updated Packages.
Insight
It was discovered that irssi did not perform certificate host validation when using SSL connections. An attacker could exploit this to perform a man in the middle attack to view sensitive information or alter encrypted communications. (CVE-2010-1155)
Aurelien Delaitre discovered that irssi could be made to dereference a NULL pointer when a user left the channel. A remote attacker could cause a denial of service via application crash. (CVE-2010-1156)
This update also adds SSLv3 and TLSv1 support, while disabling the old, insecure SSLv2 protocol.
Affected
irssi vulnerabilities on Ubuntu 8.04 LTS ,
Ubuntu 8.10 ,
Ubuntu 9.04 ,
Ubuntu 9.10
Severity
Classification
-
CVE CVE-2010-1155, CVE-2010-1156 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities