Fix buffer overflow when parsing IRC colors.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- added weechat-fix-hook_process-shell-injection.patch     which fixes a shell injection vulnerability in the     hook_process function (bnc#790217, CVE-2012-5534)

  - added     weechat-fix-buffer-overflow-in-irc-color-decoding.patch     which fixes a heap-based overflow when decoding IRC     colors in strings (bnc#789146, CVE-2012-5854)

Updated weechat packages fix security vulnerability :

A buffer overflow is causing a crash or freeze of WeeChat (0.36 to 0.39) when decoding IRC colors in strings. The packages have been patched to fix this problem (CVE-2012-5854).

Untrusted command for function hook_process in WeeChat before 0.3.9.2 could lead to execution of commands, because of shell expansions (so the problem is only caused by some scripts, not by WeeChat itself) (CVE-2012-5534).

The remote host is affected by the vulnerability described in GLSA-201405-03 (WeeChat: Multiple vulnerabilities)

    Two vulnerabilities have been discovered in WeeChat:
      The hook_process() function does not properly handle shell expansions         (CVE-2012-5534).
      WeeChat does not properly decode colors which could cause a         heap-based buffer overflow (CVE-2012-5854).
  Impact :

    A remote attacker could entice a user to open a specially crafted script       or send messages with specially crafted colors, possibly resulting in       execution of arbitrary code with the privileges of the process, or a       Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

Sebastien Helleu reports :

A buffer overflow is causing a crash or freeze of WeeChat when decoding IRC colors in strings.

Workaround for a non-patched version : /set irc.network.colors_receive off

New upstream version Fix arbitrary code execution due to call of shell when executing command within hook_process Fix the security bug in the linked Bugzilla.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Published	Updated	Severity
62915	Fedora 18 : weechat-0.3.8-3.fc18 (2012-17950)	Nessus	Fedora Local Security Checks	11/14/2012	1/11/2021	high
62954	Fedora 16 : weechat-0.3.8-3.fc16 (2012-18006)	Nessus	Fedora Local Security Checks	11/19/2012	1/11/2021	high
74822	openSUSE Security Update : weechat (openSUSE-SU-2012:1580-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/19/2021	high
66148	Mandriva Linux Security Advisory : weechat (MDVSA-2013:136)	Nessus	Mandriva Local Security Checks	4/20/2013	1/6/2021	high
62953	Fedora 17 : weechat-0.3.8-3.fc17 (2012-17973)	Nessus	Fedora Local Security Checks	11/19/2012	1/11/2021	high
73859	GLSA-201405-03 : WeeChat: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	5/5/2014	1/6/2021	high
62887	FreeBSD : weechat -- Crash or freeze when decoding IRC colors in strings (e02c572f-2af0-11e2-bb44-003067b2972c)	Nessus	FreeBSD Local Security Checks	11/12/2012	1/6/2021	high
63212	Fedora 17 : weechat-0.3.9.2-2.fc17 (2012-19533)	Nessus	Fedora Local Security Checks	12/11/2012	1/11/2021	high
63237	Fedora 18 : weechat-0.3.9.2-2.fc18 (2012-19588)	Nessus	Fedora Local Security Checks	12/12/2012	1/11/2021	high
63236	Fedora 16 : weechat-0.3.9.2-2.fc16 (2012-19538)	Nessus	Fedora Local Security Checks	12/12/2012	1/11/2021	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

high