1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4613-1] libidn2 security update

    From Salvatore Bonaccorso@1:229/2 to All on Sat Feb 1 07:10:01 2020
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4613-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : libidn2
    CVE ID : CVE-2019-18224
    Debian Bug : 942895

    A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for
    Internationalized Domain Names (IDNs), which could result in denial of
    service, or the execution of arbitrary code when processing a long
    domain string.

    For the stable distribution (buster), this problem has been fixed in
    version 2.0.5-1+deb10u1.

    We recommend that you upgrade your libidn2 packages.

    For the detailed security status of libidn2 please refer to its security tracker page at:
    https://security-tracker.debian.org/tracker/libidn2

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl40uPpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S/gw/9GW1HtnA4GMzDtDp5SMs8IvzKTzBuxwF+NfuO6TJAF1rZhkjylvhR24zm 24zclQQ/MUF3/j7wa8ududelVNCE69DejrG1a1cFZvHDru38EE5oPBhZUtsk9H6G Ohxo+Yu1WDD7tHVWqjK5A05W4m/e9wBH5S9HwuznDRJ2c2dniNmCaQG5AFo7Xbdh QgNKfqyveNSqV/hwns7QXsECg0Md+1sjP022kI7jy6g4oUis1vRS85ptYAZW9zZL 7A/xAMEfnXI4LP5c85axCfjPHcv43u1rC/h4c45siEuq0BttqcPDRDvNpceibxQj VtujfKWAVlTPWeLiEjzEzRXBdJLigJPZjCyDlT5lK8D/CUE/oLpoMAxEOFufk3wk vgHlD5nNVJMXEFL1vDo8RGoiNOBavO1pXuxCHZDEo5leOBI3YLoWm04AF5KWHdJB nDEfsO0rXix28yhmWhu2YfazbkINcxU0gKPOz6Le+vIy88/0EcrFATyyrpl9aEaj VX6PYZxJ6JtwUvwruEBWiciJV5KxR7HHUZ6eGd7HKcSYIUz889QjLApiuzhjieMp WbumsmAXpXKUq03ro/F7c6rH7rli/AP+HHytH2XL2mOzXAItT4kcThXXvxf1g6md sfeB2hLUKTdbujHzHU8vB1Wn2yVtCA7XiI2BGJRa/WG//zhkAT8=
    =aq9M
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)