| Errata ID | 240 | 
|---|---|
| Date | 2016-09-07 | 
| Source package | libidn | 
| Fixed in version | 1.25-2.21.201608291233 | 
| Description | This update addresses the following issue(s): * The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used in jabberd2 and other applications, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read (CVE-2015-2059) * Solve out-of-bounds read when reading one zero byte as input (CVE-2015-8948) * Out-of-bounds stack read in idna_to_ascii_4i (CVE-2016-6261) * stringprep_utf8_nfkc_normalize: reject invalid UTF-8 (CVE-2016-6263) |
| Additional notes | |
| CVE ID | CVE-2015-2059, CVE-2015-8948, CVE-2016-6261, CVE-2016-6263 |
| UCS Bug number | #39440 | 
