Bugzilla – Bug 990190
VUL-1: CVE-2016-6261: libidn: out-of-bounds stack read in idna_to_ascii_4i
Last modified: 2016-10-24 08:21:56 UTC
http://seclists.org/oss-sec/2016/q3/124

The GNU libidn 1.33 release was announced with the following:
https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html

** libidn: Fix out-of-bounds stack read in idna_to_ascii_4i.
See tests/tst_toascii64oob.c for regression check (and the comment in it how to use it). Reported by Hanno Boeck

Test: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=9a1a7e15d0706634971364493fbb06e77e74726c
Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d
Changelog: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=d4c533a5d975bf49090d3cd40acd230b8f79dd32
Follow-up memory leak fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=11abd0e02c16f9e0b6944aea4ef0f2df44b42dd4

lib/idna.c

Use CVE-2016-6261. There is no CVE ID for a memory leak. The memory leak was a consequence of the original fix, and was eliminated minutes later during development.

-----------------
The following is noted in the test code:

/* Reported by Hanno Böck in
   https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00016.html */

/* This test requires you to build with CFLAGS="-fsanitize=address"
   and disable valgrind since asan and valgrind conflict. Thus
   normally a bit uneffective, but may be useful to have around.

   make
   make
   make clean
   make CFLAGS="-fsanitize=address" WERROR_CFLAGS=
   make CFLAGS="-fsanitize=address" WERROR_CFLAGS= check VALGRIND=

   Revert patch in URL above to trigger this self test. */

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6261
http://seclists.org/oss-sec/2016/q3/124
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6261.html
An update workflow for this issue was started. This issue was rated as low. Please submit fixed packages until 2016-08-19. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62909
bugbot adjusting priority
SUSE-SU-2016:2079-1: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 923241,990189,990190,990191
CVE References: CVE-2015-2059,CVE-2015-8948,CVE-2016-6261,CVE-2016-6262,CVE-2016-6263
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): libidn-1.28-4.1
SUSE Linux Enterprise Server 12-SP1 (src): libidn-1.28-4.1
SUSE Linux Enterprise Desktop 12-SP1 (src): libidn-1.28-4.1
openSUSE-SU-2016:2135-1: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 923241,990189,990190,990191
CVE References: CVE-2015-2059,CVE-2015-8948,CVE-2016-6261,CVE-2016-6262,CVE-2016-6263
Sources used:
openSUSE Leap 42.1 (src): libidn-1.28-6.1
SUSE-SU-2016:2291-1: An update that fixes 5 vulnerabilities is now available.
Category: security (moderate)
Bug References: 923241,990189,990190,990191
CVE References: CVE-2015-2059,CVE-2015-8948,CVE-2016-6261,CVE-2016-6262,CVE-2016-6263
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): libidn-1.10-6.1
SUSE Linux Enterprise Server 11-SP4 (src): libidn-1.10-6.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): libidn-1.10-6.1
released