[arch-security] [ASA-201607-14] libidn: denial of service

Remi Gacogne rgacogne at archlinux.org
Sat Jul 30 15:55:51 UTC 2016


Arch Linux Security Advisory ASA-201607-14
==========================================

Severity: Low
Date    : 2016-07-30
CVE-ID  : CVE-2015-8948 CVE-2016-6261 CVE-2016-6262 CVE-2016-6263
Package : libidn
Type    : denial of service
Remote  : No
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package libidn before version 1.33-1 is vulnerable to denial of service.

Resolution
==========

Upgrade to 1.33-1.

# pacman -Syu "libidn>=1.33-1"

The problems have been fixed upstream in version 1.33.

Workaround
==========

None.

Description
===========

- CVE-2015-8948 (denial of service)

Fixes an out-of-bounds read when reading one zero byte as input. The
fix also replaces fgets with getline. Reported by Hanno Boeck.

- CVE-2016-6261 (denial of service)

Fixes an out-of-bounds stack read in idna_to_ascii_4i. Reported by
Hanno Boeck.

- CVE-2016-6262 (denial of service)

Completes the fix for the bug when reading \00 inputs. This issue
results from an incomplete fix for CVE-2015-8948.

- CVE-2016-6263 (denial of service)

stringprep_utf8_nfkc_normalize now rejects invalid UTF-8. It was always
documented to only accept UTF-8 data, but now it no longer crashes when
presented with invalid data. Reported by Hanno Boeck.

Impact
======

A local attacker can use specially crafted input to crash the idn
program or an application using libidn, leading to denial of service.

References
==========

http://www.openwall.com/lists/oss-security/2016/07/21/4
https://access.redhat.com/security/cve/CVE-2015-8948
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041
https://access.redhat.com/security/cve/CVE-2016-6261
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d
https://access.redhat.com/security/cve/CVE-2016-6262
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
https://access.redhat.com/security/cve/CVE-2016-6263
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555
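
Added example (not part of the advisory and not libidn's source code):
the bug class described for CVE-2015-8948 and CVE-2016-6262, a line
reader mishandling input whose first byte is zero, shown as a bounds-safe
newline strip. The function names and sample inputs are hypothetical and
constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Unsafe idiom (comment only, never executed here):
 *     if (buf[strlen(buf) - 1] == '\n') ...
 * If the first byte read is 0x00, strlen(buf) is 0, the index
 * underflows, and the read lands outside the buffer. */

/* Strip one trailing newline using the byte count reported by the
 * reader (for example getline's return value) instead of strlen.
 * Returns the new byte count. Safe for nread == 0. */
size_t strip_newline(char *buf, size_t nread)
{
    if (nread > 0 && buf[nread - 1] == '\n')
        buf[--nread] = '\0';
    return nread;
}

/* Returns 1 if the bytes read contain an embedded NUL, meaning the
 * C-string view is shorter than the real input. Callers passing the
 * buffer to string APIs should reject such lines, not truncate them. */
int has_embedded_nul(const char *buf, size_t nread)
{
    return memchr(buf, '\0', nread) != NULL;
}

int main(void)
{
    /* Constructed inputs, as a line reader would deliver them. */
    char normal[] = "example.org\n";
    char nul_first[] = { '\0', '\n', '\0' }; /* zero byte, then newline */

    size_t n1 = strip_newline(normal, sizeof normal - 1);
    size_t n2 = strip_newline(nul_first, 2);

    printf("normal:    len=%zu embedded_nul=%d\n",
           n1, has_embedded_nul(normal, n1));
    printf("nul_first: len=%zu embedded_nul=%d\n",
           n2, has_embedded_nul(nul_first, n2));
    return 0;
}
```
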
