Updated libidn packages fix CVE-2015-2059
Publication date: 08 Sep 2015Type: security
Affected Mageia releases : 5
CVE: CVE-2015-2059
Description
Updated libidn packages fix security vulnerability: In libidn before 1.31, stringprep_utf8_to_ucs4 did not validate that the input UTF-8 string was actually valid UTF-8, which could lead to out-of-bounds reads (CVE-2015-2059).
References
- https://bugs.mageia.org/show_bug.cgi?id=16342
- http://lists.gnu.org/archive/html/info-gnu/2015-03/msg00000.html
- http://lists.gnu.org/archive/html/info-gnu/2015-07/msg00003.html
- http://lists.gnu.org/archive/html/info-gnu/2015-08/msg00000.html
- http://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2059
SRPMS
5/core
- libidn-1.32-1.mga5