Bugzilla – Bug 990189
VUL-1: CVE-2015-8948,CVE-2016-6262: libidn: out-of-bounds-read when reading one zero byte as input
Last modified: 2018-10-04 22:52:48 UTC
http://seclists.org/oss-sec/2016/q3/124

The GNU libidn 1.33 release was announced with the following:

https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html

** idn: Solve out-of-bounds-read when reading one zero byte as input.
Also replaced fgets with getline. Reported by Hanno Boeck

idn is described at http://git.savannah.gnu.org/cgit/libidn.git/tree/src/idn.c as "Command line interface to the internationalized domain name library." An out-of-bounds read in a command-line program is not always security relevant. Also, msg00009.html lists the various items as "Noteworthy changes" and not specifically as security fixes. We think you might mean that someone can use idn to convert a file, and then send the converted file to an untrusted party. If there is an out-of-bounds read, then the converted file might include arbitrary data from process memory.

Fix:
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041
Use CVE-2015-8948.

Follow-up fix:
http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
Use CVE-2016-6262.

Mailing list report:
https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6262
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8948
http://seclists.org/oss-sec/2016/q3/124
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6262.html
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8948.html
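The class of bug named in the 1.33 announcement, shown as an added example that is not libidn's code and not part of this report. It assumes the common newline-stripping idiom `buf[strlen(buf) - 1]` applied to a line whose first byte is zero; all function names are hypothetical and the sample buffer is constructed.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Index that the unguarded idiom `buf[strlen(buf) - 1]` would read.
 * For an empty string strlen() is 0 and the size_t subtraction wraps,
 * so the access lands far outside the buffer. The read itself is not
 * performed here; only the index is computed. */
size_t unguarded_last_index(const char *buf)
{
    return strlen(buf) - 1;
}

/* Guarded variant for fgets()-style buffers: look at the last byte
 * only when there is one. Returns the resulting string length. */
size_t strip_newline_guarded(char *buf)
{
    size_t len = strlen(buf);
    if (len > 0 && buf[len - 1] == '\n')
        buf[--len] = '\0';
    return len;
}

/* Variant for getline()-style readers that report the byte count:
 * use the count instead of strlen(), so a leading or embedded zero
 * byte does not hide the real end of the line. */
size_t strip_newline_counted(char *buf, long nread)
{
    if (nread <= 0)
        return 0;
    size_t len = (size_t)nread;
    if (buf[len - 1] == '\n')
        buf[--len] = '\0';
    return len;
}

int main(void)
{
    /* Constructed sample: buffer contents after reading bytes 00 0A. */
    char line[8] = { '\0', '\n', '\0' };

    printf("unguarded index: %zu\n", unguarded_last_index(line));
    printf("guarded length:  %zu\n", strip_newline_guarded(line));
    printf("counted length:  %zu\n", strip_newline_counted(line, 2));
    return 0;
}
```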
(In reply to Andreas Stieger from comment #0)
> Mailing list report:
> https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html

Correction: this is not relevant for this bug.
This is an autogenerated message for OBS integration:
This bug (990189) was mentioned in
https://build.opensuse.org/request/show/412739 Factory / libidn
https://build.opensuse.org/request/show/412740 13.2 / libidn
bugbot adjusting priority
openSUSE-SU-2016:1924-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 990189,990191
CVE References: CVE-2015-8948,CVE-2016-6262,CVE-2016-6263
Sources used:
openSUSE 13.2 (src): libidn-1.33-3.6.1
SUSE-SU-2016:2079-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 923241,990189,990190,990191
CVE References: CVE-2015-2059,CVE-2015-8948,CVE-2016-6261,CVE-2016-6262,CVE-2016-6263
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): libidn-1.28-4.1
SUSE Linux Enterprise Server 12-SP1 (src): libidn-1.28-4.1
SUSE Linux Enterprise Desktop 12-SP1 (src): libidn-1.28-4.1
openSUSE-SU-2016:2135-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 923241,990189,990190,990191
CVE References: CVE-2015-2059,CVE-2015-8948,CVE-2016-6261,CVE-2016-6262,CVE-2016-6263
Sources used:
openSUSE Leap 42.1 (src): libidn-1.28-6.1
SUSE-SU-2016:2291-1: An update that fixes 5 vulnerabilities is now available.

Category: security (moderate)
Bug References: 923241,990189,990190,990191
CVE References: CVE-2015-2059,CVE-2015-8948,CVE-2016-6261,CVE-2016-6262,CVE-2016-6263
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): libidn-1.10-6.1
SUSE Linux Enterprise Server 11-SP4 (src): libidn-1.10-6.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): libidn-1.10-6.1
released
*** Bug 1014473 has been marked as a duplicate of this bug. ***