|
|
Subscribe / Log in / New account

libidn: information disclosure

Package(s):libidn CVE #(s):CVE-2015-2059
Created:July 20, 2015 Updated:May 18, 2016
Description: From the Debian LTS advisory:

Thijs Alkemade discovered that the Jabber server may pass an invalid UTF-8 string to libidn, the GNU library for Internationalized Domain Names (IDNs). In the case of the Jabber server, this results in information disclosure, and it is likely that some other applications using libidn have similar vulnerabilities. This update changes libidn to check for invalid strings rather than assuming that the application has done so.

Alerts:
openSUSE openSUSE-SU-2016:2277-1 wget 2016-09-09
Ubuntu USN-3068-1 libidn 2016-08-24
openSUSE openSUSE-SU-2016:2135-1 libidn 2016-08-23
Debian-LTS DLA-476-1 libidn 2016-05-18
Debian DSA-3578-1 libidn 2016-05-14
Debian-LTS DLA-291-1 libidn 2015-08-16
Mageia MGASA-2015-0349 libidn 2015-09-08
Fedora FEDORA-2015-11621 libidn 2015-07-29
Fedora FEDORA-2015-11562 libidn 2015-07-29
openSUSE openSUSE-SU-2015:1261-1 libidn 2015-07-17
Debian-LTS DLA-277-1 libidn 2015-07-20
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds