Package : libidn Version : 1.25-2+deb7u2 CVE ID : CVE-2015-8948 CVE-2016-6261 CVE-2016-6263
Multiple vulnerabilities have been discovered in libidn. The Common
Vulnerabilities and Exposures project identifies the following problems:
CVE-2015-8948
When idn is reading one zero byte as input an out-of-bounds-read occurred.
CVE-2016-6261
An out-of-bounds stack read is exploitable in idna_to_ascii_4i.
CVE-2016-6263
stringprep_utf8_nfkc_normalize reject invalid UTF-8, causes a crash.
For Debian 7 "Wheezy", these problems have been fixed in version
1.25-2+deb7u2.
We recommend that you upgrade your libidn packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
signature.asc
Description: PGP signature
