Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:2613-1

Опубликовано: 03 дек. 2019
Источник: suse-cvrf

Описание

Security update for libidn2

This update for libidn2 to version 2.2.0 fixes the following issues:

  • CVE-2019-12290: Fixed an improper round-trip check when converting A-labels to U-labels (bsc#1154884).
  • CVE-2019-18224: Fixed a heap-based buffer overflow that was caused by long domain strings (bsc#1154887).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0
libidn2-0-2.2.0-lp150.2.3.1
libidn2-0-32bit-2.2.0-lp150.2.3.1
libidn2-devel-2.2.0-lp150.2.3.1
libidn2-lang-2.2.0-lp150.2.3.1
libidn2-tools-2.2.0-lp150.2.3.1

Ссылки

Описание

GNU libidn2 before 2.2.0 fails to perform the roundtrip checks specified in RFC3490 Section 4.2 when converting A-labels to U-labels. This makes it possible in some circumstances for one domain to impersonate another. By creating a malicious domain that matches a target domain except for the inclusion of certain punycoded Unicode characters (that would be discarded when converted first to a Unicode label and then back to an ASCII label), arbitrary domains can be impersonated.

Затронутые продукты
openSUSE Leap 15.0:libidn2-0-2.2.0-lp150.2.3.1
openSUSE Leap 15.0:libidn2-0-32bit-2.2.0-lp150.2.3.1
openSUSE Leap 15.0:libidn2-devel-2.2.0-lp150.2.3.1
openSUSE Leap 15.0:libidn2-lang-2.2.0-lp150.2.3.1
Ссылки

Описание

idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.

Затронутые продукты
openSUSE Leap 15.0:libidn2-0-2.2.0-lp150.2.3.1
openSUSE Leap 15.0:libidn2-0-32bit-2.2.0-lp150.2.3.1
openSUSE Leap 15.0:libidn2-devel-2.2.0-lp150.2.3.1
openSUSE Leap 15.0:libidn2-lang-2.2.0-lp150.2.3.1
Ссылки