Description
Security update for libidn
This update for libidn fixes the following issues:
- CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input (bsc#990189)
- CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i (bsc#990190)
- CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 (bsc#990191)
- CVE-2015-2059: out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241)
Package list
SUSE Linux Enterprise Server 11 SP4
SUSE Linux Enterprise Server for SAP Applications 11 SP4
SUSE Linux Enterprise Software Development Kit 11 SP4
References
- Link for SUSE-SU-2016:2291-1
- E-Mail link for SUSE-SU-2016:2291-1
- SUSE Security Ratings
- SUSE Bug 923241
- SUSE Bug 990189
- SUSE Bug 990190
- SUSE Bug 990191
- SUSE CVE CVE-2015-2059 page
- SUSE CVE CVE-2015-8948 page
- SUSE CVE CVE-2016-6261 page
- SUSE CVE CVE-2016-6262 page
- SUSE CVE CVE-2016-6263 page
Description
The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read.
Affected products
References
- CVE-2015-2059
- SUSE Bug 1173590
- SUSE Bug 919214
- SUSE Bug 923241
- SUSE Bug 937096
- SUSE Bug 937097
Description
idn in GNU libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read.
Affected products
References
- CVE-2015-8948
- SUSE Bug 1014473
- SUSE Bug 1173590
- SUSE Bug 1190777
- SUSE Bug 990189
Description
The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via 64 bytes of input.
Affected products
References
- CVE-2016-6261
- SUSE Bug 1118435
- SUSE Bug 1173590
- SUSE Bug 990190
Description
idn in libidn before 1.33 might allow remote attackers to obtain sensitive memory information by reading a zero byte as input, which triggers an out-of-bounds read, a different vulnerability than CVE-2015-8948.
Affected products
References
- CVE-2016-6262
- SUSE Bug 1014473
- SUSE Bug 1173590
- SUSE Bug 1190777
- SUSE Bug 990189
Description
The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn before 1.33 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via crafted UTF-8 data.
Affected products
References
- CVE-2016-6263
- SUSE Bug 1118435
- SUSE Bug 990191