Lucene search

DebianDEBIAN:DSA-3853-1:D2D71

HistoryMay 15, 2017 - 10:10 a.m.

[SECURITY] [DSA 3853-1] bitlbee security update

2017-05-1510:10:00

lists.debian.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

0.059

Percentile

93.5%

JSON

Debian Security Advisory DSA-3853-1 [email protected]
https://www.debian.org/security/ Sebastien Delafond
May 15, 2017 https://www.debian.org/security/faq

Package : bitlbee
CVE ID : CVE-2016-10188 CVE-2016-10189

It was discovered that bitlbee, an IRC to other chat networks gateway,
contained issues that allowed a remote attacker to cause a denial of
service (via application crash), or potentially execute arbitrary
commands.

For the stable distribution (jessie), these problems have been fixed in
version 3.2.2-2+deb8u1.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 3.5-1.

We recommend that you upgrade your bitlbee packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7armhfbitlbee-libpurple< 3.0.5-1.2+deb7u1bitlbee-libpurple_3.0.5-1.2+deb7u1_armhf.deb
Debian7i386bitlbee-plugin-otr< 3.0.5-1.2+deb7u1bitlbee-plugin-otr_3.0.5-1.2+deb7u1_i386.deb
Debian8s390xbitlbee< 3.2.2-2+deb8u1bitlbee_3.2.2-2+deb8u1_s390x.deb
Debian7amd64bitlbee-plugin-otr< 3.0.5-1.2+deb7u1bitlbee-plugin-otr_3.0.5-1.2+deb7u1_amd64.deb
Debian8i386bitlbee-plugin-otr< 3.2.2-2+deb8u1bitlbee-plugin-otr_3.2.2-2+deb8u1_i386.deb
Debian8powerpcbitlbee< 3.2.2-2+deb8u1bitlbee_3.2.2-2+deb8u1_powerpc.deb
Debian7armhfbitlbee-plugin-otr< 3.0.5-1.2+deb7u1bitlbee-plugin-otr_3.0.5-1.2+deb7u1_armhf.deb
Debian8kfreebsd-amd64bitlbee-plugin-otr< 3.2.2-2+deb8u1bitlbee-plugin-otr_3.2.2-2+deb8u1_kfreebsd-amd64.deb
Debian7armelbitlbee< 3.0.5-1.2+deb7u1bitlbee_3.0.5-1.2+deb7u1_armel.deb
Debian7armelbitlbee-plugin-otr< 3.0.5-1.2+deb7u1bitlbee-plugin-otr_3.0.5-1.2+deb7u1_armel.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	armhf	bitlbee-libpurple	< 3.0.5-1.2+deb7u1	bitlbee-libpurple_3.0.5-1.2+deb7u1_armhf.deb
Debian	7	i386	bitlbee-plugin-otr	< 3.0.5-1.2+deb7u1	bitlbee-plugin-otr_3.0.5-1.2+deb7u1_i386.deb
Debian	8	s390x	bitlbee	< 3.2.2-2+deb8u1	bitlbee_3.2.2-2+deb8u1_s390x.deb
Debian	7	amd64	bitlbee-plugin-otr	< 3.0.5-1.2+deb7u1	bitlbee-plugin-otr_3.0.5-1.2+deb7u1_amd64.deb
Debian	8	i386	bitlbee-plugin-otr	< 3.2.2-2+deb8u1	bitlbee-plugin-otr_3.2.2-2+deb8u1_i386.deb
Debian	8	powerpc	bitlbee	< 3.2.2-2+deb8u1	bitlbee_3.2.2-2+deb8u1_powerpc.deb
Debian	7	armhf	bitlbee-plugin-otr	< 3.0.5-1.2+deb7u1	bitlbee-plugin-otr_3.0.5-1.2+deb7u1_armhf.deb
Debian	8	kfreebsd-amd64	bitlbee-plugin-otr	< 3.2.2-2+deb8u1	bitlbee-plugin-otr_3.2.2-2+deb8u1_kfreebsd-amd64.deb
Debian	7	armel	bitlbee	< 3.0.5-1.2+deb7u1	bitlbee_3.0.5-1.2+deb7u1_armel.deb
Debian	7	armel	bitlbee-plugin-otr	< 3.0.5-1.2+deb7u1	bitlbee-plugin-otr_3.0.5-1.2+deb7u1_armel.deb