Bug 41949

Summary: libidn: Multiple issues (3.3)
Product: UCS Reporter: Arvid Requate <requate>
Component: Security updatesAssignee: Arvid Requate <requate>
Status: CLOSED DUPLICATE QA Contact: Janek Walkenhorst <walkenhorst>
Severity: normal    
Priority: P2 CC: gohmann
Version: UCS 3.3Flags: requate: Patch_Available+
Target Milestone: UCS 3.3-0-errata   
Hardware: Other   
OS: Linux   
What kind of report is it?: Security Issue What type of bug is this?: ---
Who will be affected by this bug?: --- How will those affected feel about the bug?: ---
User Pain: Enterprise Customer affected?:
School Customer affected?: ISV affected?:
Waiting Support: Flags outvoted (downgraded) after PO Review:
Ticket number: Bug group (optional): Security
Max CVSS v3 score:
Bug Depends on: 39440    
Bug Blocks: 41950    

Description Arvid Requate univentionstaff 2016-08-09 17:27:23 CEST 
+++ This bug was initially created as a clone of Bug #39440 +++
Upstream Debian package version 1.25-2+deb7u1 fixes this issue:

* The stringprep_utf8_to_ucs4 function in libidn before 1.31, as used in jabberd2 and other applications, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read (CVE-2015-2059)

GNU Libidn is a fully documented implementation of the Stringprep, Punycode and IDNA specifications. Libidn's purpose is to encode and decode internationalized domain names.

Possibly affects gnutls, wget, and curl
Comment 1 Arvid Requate univentionstaff 2016-08-09 17:27:56 CEST 
Upstream Debian package version 1.25-2+deb7u2 fixes the following issues:

* Solve out-of-bounds-read when reading one zero byte as input (CVE-2015-8948)
* out-of-bounds stack read in idna_to_ascii_4i (CVE-2016-6261)
* stringprep_utf8_nfkc_normalize reject invalid UTF-8 (CVE-2016-6263)

CVE-2015-8948: CVSS v2 base score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVE-2016-6261: CVSS v2 base score: 2.6 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVE-2016-6263: CVSS v2 base score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Comment 2 Arvid Requate univentionstaff 2016-10-05 11:10:26 CEST 

*** This bug has been marked as a duplicate of bug 42568 ***