Updated libidn packages fix security vulnerability
Publication date: 18 Jul 2026Modification date: 18 Jul 2026
Type: security
Affected Mageia releases : 10 , 9
CVE: CVE-2026-57053
Description
GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized
memory in the ToUnicode APIs because of mishandling in
idna_to_unicode_internal. The affected code is not present in libidn2.
(CVE-2026-57053)
References
- https://bugs.mageia.org/show_bug.cgi?id=35726
- http://www.slackware.com/security/viewer.php?l=slackware-security&y=2026&m=slackware-security.355846
- https://lists.gnu.org/archive/html/help-libidn/2026-05/msg00000.html
- https://lists.gnu.org/archive/html/help-libidn/2025-06/msg00000.html
- https://ubuntu.com/security/notices/USN-8521-1
- https://www.cve.org/CVERecord?id=CVE-2026-57053
SRPMS
10/core
- libidn-1.43-2.1.mga10
9/core
- libidn-1.41-2.1.mga9