From d062507f9dcb0f7b294863fda6c880312d2fec4e Mon Sep 17 00:00:00 2001 From: Thomas Deutschmann Date: Mon, 30 Mar 2020 16:46:59 +0200 Subject: [ GLSA 202003-63 ] GNU IDN Library 2: Multiple vulnerabilities Signed-off-by: Thomas Deutschmann --- glsa-202003-63.xml | 53 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 53 insertions(+) create mode 100644 glsa-202003-63.xml (limited to 'glsa-202003-63.xml') diff --git a/glsa-202003-63.xml b/glsa-202003-63.xml new file mode 100644 index 00000000..475b97bc --- /dev/null +++ b/glsa-202003-63.xml @@ -0,0 +1,53 @@ + + + + GNU IDN Library 2: Multiple vulnerabilities + Multiple vulnerabilities have been found in GNU IDN Library 2, the + worst of which could result in the remote execution of arbitrary code. + + libidn2 + 2020-03-30 + 2020-03-30 + 697752 + local, remote + + + 2.2.0 + 2.2.0 + + + +

GNU IDN Library 2 is an implementation of the IDNA2008 + TR46 + specifications (RFC 5890, RFC 5891, RFC 5892, RFC 5893, TR 46). +

+
+ +

Multiple vulnerabilities have been discovered in GNU IDN Library 2. + Please review the CVE identifiers referenced below for details. +

+
+ +

A remote attacker could send specially crafted input, possibly resulting + in execution of arbitrary code with the privileges of the process, + impersonation of domains or a Denial of Service condition. +

+
+ +

There is no known workaround at this time.

+
+ +

All GNU IDN Library 2 users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=net-dns/libidn2-2.2.0" + + +
+ + CVE-2019-12290 + CVE-2019-18224 + + whissi + whissi +
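Review bot: the description section says only "Please review the CVE identifiers referenced below for details", while the impact section lists three different outcomes (execution of arbitrary code, impersonation of domains, Denial of Service) without saying which of CVE-2019-12290 and CVE-2019-18224 leads to which. Add one sentence per CVE to the description naming the flaw class and the outcome it maps to, so a reader can triage from the advisory alone. Also, the access field reads "local, remote" but the impact text describes only a remote attacker; either describe the local vector in the impact section or drop "local" from the access field.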
-- cgit v1.2.3-65-gdbad