Description
Security update for libidn
This update for libidn fixes the following issues:
- CVE-2016-6262 and CVE-2015-8948: Out-of-bounds read when reading one zero byte as input (bsc#990189)
- CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190)
- CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191)
- CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241)
Package list
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP1
References
- Link for SUSE-SU-2016:2079-1
- E-Mail link for SUSE-SU-2016:2079-1
- SUSE Security Ratings
- SUSE Bug 923241
- SUSE Bug 990189
- SUSE Bug 990190
- SUSE Bug 990191
- SUSE CVE CVE-2015-2059 page
- SUSE CVE CVE-2015-8948 page
- SUSE CVE CVE-2016-6261 page
- SUSE CVE CVE-2016-6262 page
- SUSE CVE CVE-2016-6263 page
Description
The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
Affected products
References
- CVE-2015-2059
- SUSE Bug 1173590
- SUSE Bug 919214
- SUSE Bug 923241
- SUSE Bug 937096
- SUSE Bug 937097
Description
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
Affected products
References
- CVE-2015-8948
- SUSE Bug 1014473
- SUSE Bug 1173590
- SUSE Bug 1190777
- SUSE Bug 990189
Description
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
Affected products
References
- CVE-2016-6261
- SUSE Bug 1118435
- SUSE Bug 1173590
- SUSE Bug 990190
Description
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
Affected products
References
- CVE-2016-6262
- SUSE Bug 1014473
- SUSE Bug 1173590
- SUSE Bug 1190777
- SUSE Bug 990189
Description
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
Affected products
References
- CVE-2016-6263
- SUSE Bug 1118435
- SUSE Bug 990191