DebianDEBIAN:DLA-832-1:93FA0[SECURITY] [DLA 832-1] bitlbee security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
93.5%
Package : bitlbee
Version : 3.0.5-1.2+deb7u1
CVE ID : CVE-2016-10188 CVE-2016-10189 CVE-2017-5668
CVE-2017-5668
Fix for incomplete fix for "Null pointer dereference with file
transfer request from unknown contacts".
(Though this package wasn't in Wheezy with this issue, I
mention it here.
The fix was done with the second patch for CVE-2016-10189)
CVE-2016-10189
Null pointer dereference with file transfer request from unknown
contacts.
CVE-2016-10188
deactivate any incoming file transfer for bitlbee
This affects any libpurple protocol when used through BitlBee. It
does not affect other libpurple-based clients such as pidgin.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | amd64 | bitlbee-libpurple | < 3.0.5-1.2+deb7u1 | bitlbee-libpurple_3.0.5-1.2+deb7u1_amd64.deb |
| Debian | 7 | armhf | bitlbee | < 3.0.5-1.2+deb7u1 | bitlbee_3.0.5-1.2+deb7u1_armhf.deb |
| Debian | 7 | i386 | bitlbee-libpurple | < 3.0.5-1.2+deb7u1 | bitlbee-libpurple_3.0.5-1.2+deb7u1_i386.deb |
| Debian | 7 | amd64 | bitlbee-plugin-otr | < 3.0.5-1.2+deb7u1 | bitlbee-plugin-otr_3.0.5-1.2+deb7u1_amd64.deb |
| Debian | 7 | amd64 | bitlbee | < 3.0.5-1.2+deb7u1 | bitlbee_3.0.5-1.2+deb7u1_amd64.deb |
| Debian | 7 | i386 | bitlbee | < 3.0.5-1.2+deb7u1 | bitlbee_3.0.5-1.2+deb7u1_i386.deb |
| Debian | 7 | all | bitlbee-common | < 3.0.5-1.2+deb7u1 | bitlbee-common_3.0.5-1.2+deb7u1_all.deb |
| Debian | 7 | i386 | bitlbee-plugin-otr | < 3.0.5-1.2+deb7u1 | bitlbee-plugin-otr_3.0.5-1.2+deb7u1_i386.deb |
| Debian | 7 | armel | bitlbee | < 3.0.5-1.2+deb7u1 | bitlbee_3.0.5-1.2+deb7u1_armel.deb |
| Debian | 7 | armhf | bitlbee-plugin-otr | < 3.0.5-1.2+deb7u1 | bitlbee-plugin-otr_3.0.5-1.2+deb7u1_armhf.deb |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
93.5%