drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Pufferüberlauf in libidn2
Name: |
Pufferüberlauf in libidn2 |
|
ID: |
DSA-4613-1 |
|
Distribution: |
Debian |
|
Plattformen: |
Debian buster |
|
Datum: |
Sa, 1. Februar 2020, 12:04 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18224 |
|
Applikationen: |
Libidn2 |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
- ------------------------------------------------------------------------- Debian Security Advisory DSA-4613-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso February 01, 2020 https://www.debian.org/security/faq - -------------------------------------------------------------------------
Package : libidn2 CVE ID : CVE-2019-18224 Debian Bug : 942895
A heap-based buffer overflow vulnerability was discovered in the idn2_to_ascii_4i() function in libidn2, the GNU library for Internationalized Domain Names (IDNs), which could result in denial of service, or the execution of arbitrary code when processing a long domain string.
For the stable distribution (buster), this problem has been fixed in version 2.0.5-1+deb10u1.
We recommend that you upgrade your libidn2 packages.
For the detailed security status of libidn2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/libidn2
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl40uPpfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0S/gw/9GW1HtnA4GMzDtDp5SMs8IvzKTzBuxwF+NfuO6TJAF1rZhkjylvhR24zm 24zclQQ/MUF3/j7wa8ududelVNCE69DejrG1a1cFZvHDru38EE5oPBhZUtsk9H6G Ohxo+Yu1WDD7tHVWqjK5A05W4m/e9wBH5S9HwuznDRJ2c2dniNmCaQG5AFo7Xbdh QgNKfqyveNSqV/hwns7QXsECg0Md+1sjP022kI7jy6g4oUis1vRS85ptYAZW9zZL 7A/xAMEfnXI4LP5c85axCfjPHcv43u1rC/h4c45siEuq0BttqcPDRDvNpceibxQj VtujfKWAVlTPWeLiEjzEzRXBdJLigJPZjCyDlT5lK8D/CUE/oLpoMAxEOFufk3wk vgHlD5nNVJMXEFL1vDo8RGoiNOBavO1pXuxCHZDEo5leOBI3YLoWm04AF5KWHdJB nDEfsO0rXix28yhmWhu2YfazbkINcxU0gKPOz6Le+vIy88/0EcrFATyyrpl9aEaj VX6PYZxJ6JtwUvwruEBWiciJV5KxR7HHUZ6eGd7HKcSYIUz889QjLApiuzhjieMp WbumsmAXpXKUq03ro/F7c6rH7rli/AP+HHytH2XL2mOzXAItT4kcThXXvxf1g6md sfeB2hLUKTdbujHzHU8vB1Wn2yVtCA7XiI2BGJRa/WG//zhkAT8= =aq9M -----END PGP SIGNATURE-----
|
|
|
|