[arch-security] [ASA-201607-14] libidn: denial of service
Arch Linux Security Advisory ASA-201607-14 ========================================== Severity: Low Date : 2016-07-30 CVE-ID : CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263 Package : libidn Type : denial of service Remote : No Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package libidn before version 1.33-1 is vulnerable to denial of service. Resolution ========== Upgrade to 1.33-1. # pacman -Syu "libidn>=1.33-1" The problems have been fixed upstream in version 1.33. Workaround ========== None. Description =========== - CVE-2015-8948 (denial of service) Solve out-of-bounds-read when reading one zero byte as input. Also replaced fgets with getline. Reported by Hanno Boeck. - CVE-2016-6261 (denial of service) Fix out-of-bounds stack read in idna_to_ascii_4i. Reported by Hanno Boeck. - CVE-2016-6262 (denial of service) Really fix bug when reading \00 inputs. This issue results from an incomplete fix for CVE-2015-8948. - CVE-2016-6263 (denial of service) stringprep_utf8_nfkc_normalize reject invalid UTF-8. It was always documented to only accept UTF-8 data, but now it doesn't crash when presented with such data. Reported by Hanno Boeck. Impact ====== A local attacker can crash an application using libidn or the idn program using a specially crafted input, leading to denial of service. References ========== http://www.openwall.com/lists/oss-security/2016/07/21/4 https://access.redhat.com/security/cve/CVE-2015-8948 http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e62... https://access.redhat.com/security/cve/CVE-2016-6261 http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297e... https://access.redhat.com/security/cve/CVE-2016-6262 http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d... https://access.redhat.com/security/cve/CVE-2016-6263 http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd...
participants (1)
-
Remi Gacogne