Source: Seebug (Root), SSV:4940
Published: Mar 23, 2009

WeeChat IRC Message Remote Denial of Service Vulnerability


EPSS: 0.096 (Low), percentile 94.8%

BUGTRAQ ID: 34148
CVE(CAN) ID: CVE-2009-0661

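WeeChat (Wee Enhanced Environment for Chat) is a fast, lightweight IRC chat client.

The WeeChat IRC client does not correctly validate IRC messages that contain certain color codes. If a remote attacker sends a specially crafted PRIVMSG command, it causes an out-of-bounds read of the internal color array, and the client may crash.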
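The bug class described above, shown as a bounds-checked color decoder. This is an added example, not WeeChat's code or the Debian patch; the 16-entry palette, the function names and the mIRC-style encoding (byte 0x03 followed by up to two decimal digits, optionally `,` and a background number) are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed palette standing in for a client's internal color array. */
#define IRC_NUM_COLORS 16
static const char *const irc_colors[IRC_NUM_COLORS] = {
    "white", "black", "blue", "green", "lightred", "red", "magenta", "brown",
    "yellow", "lightgreen", "cyan", "lightcyan", "lightblue", "lightmagenta",
    "gray", "lightgray"
};

/* Read up to two decimal digits at *p; returns -1 if none are present.
   Two digits can encode 0..99, far more values than the table holds. */
static int parse_color_number(const char **p)
{
    int n = -1;
    for (int i = 0; i < 2 && isdigit((unsigned char)**p); i++) {
        n = (n < 0 ? 0 : n * 10) + (**p - '0');
        (*p)++;
    }
    return n;
}

/* The flawed pattern is `return irc_colors[n];` with n taken straight from
   the wire. The hardened form rejects anything outside the table. */
const char *irc_color_lookup(int n)
{
    if (n < 0 || n >= IRC_NUM_COLORS)
        return NULL;
    return irc_colors[n];
}

/* Walk a message body; returns how many color numbers were rejected and
   stores how many were accepted in *applied. */
int irc_count_rejected_colors(const char *msg, int *applied)
{
    int rejected = 0;
    *applied = 0;
    while (*msg) {
        if (*msg++ != '\003')
            continue;
        int n = parse_color_number(&msg);        /* foreground */
        if (n >= 0) { if (irc_color_lookup(n)) (*applied)++; else rejected++; }
        if (n >= 0 && *msg == ',' && isdigit((unsigned char)msg[1])) {
            msg++;
            n = parse_color_number(&msg);        /* background */
            if (irc_color_lookup(n)) (*applied)++; else rejected++;
        }
    }
    return rejected;
}

int main(void) { int a; printf("%d\n", irc_count_rejected_colors("\00304ok \00399,01x", &a)); return 0; }
```

Rejected codes should fall back to the default color rather than abort rendering, so a malformed message is displayed instead of crashing the client.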

Flashtux WeeChat 0.2.6.0
Vendor patches:

Debian

Debian has released a security advisory (DSA-1744-1) and corresponding patches for this issue:
DSA-1744-1: New weechat packages fix denial of service
Link: http://www.debian.org/security/2009/dsa-1744

Patch downloads:


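Patch installation:

  1. Install the patch packages manually:

First, download the patch package with the following command:

wget url (url is the patch download link)

Then install the patch with the following command:

dpkg -i file.deb (file is the name of the patch package)

  2. Install the patch packages automatically with apt-get:

    First, update the internal database with the following command:

    apt-get update

    Then install the updated packages with the following command:

    apt-get upgrade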

Flashtux

The vendor has released an upgrade that fixes this security issue; download it from the vendor's home page:

http://weechat.flashtux.org/