Download
| Alert*
oval:org.secpod.oval:def:109368
GNU Libidn is an implementation of the Stringprep, Punycode and IDNA specifications defined by the IETF Internationalized Domain Names working group, used for internationalized domain names. oval:org.secpod.oval:def:602500 It was discovered that libidn, the GNU library for Internationalized Domain Names , did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library. oval:org.secpod.oval:def:108834 Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols. oval:org.secpod.oval:def:89045267 This update for libidn fixes the following issues: - CVE-2016-6262 and CVE-2015-8948: Out-of-bounds-read when reading one zero byte as input - CVE-2016-6261: Out-of-bounds stack read in idna_to_ascii_4i - CVE-2016-6263: stringprep_utf8_nfkc_normalize reject invalid UTF-8 - CVE-2015-2059: out-of-b ... oval:org.secpod.oval:def:52802 libidn: implementation of IETF IDN specifications Several security issues were fixed in Libidn. oval:org.secpod.oval:def:25183 The host is installed with libidn on Red Hat Enterprise Linux 6 or 7 and is prone to an information disclosure vulnerability. A flaw is present in the application, which fails to handle an invalid UTF-8 value. Successful exploitation could allow attackers to disclose sensitive information. oval:org.secpod.oval:def:109364 GNU Libidn is an implementation of the Stringprep, Punycode and IDNA specifications defined by the IETF Internationalized Domain Names working group, used for internationalized domain names. oval:org.secpod.oval:def:703245 libidn: implementation of IETF IDN specifications Several security issues were fixed in Libidn. |