[SECURITY] [DLA 1084-1] libidn security update

2017-09-0221:41:37

lists.debian.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.006 Low

EPSS

Percentile

77.7%

JSON

Package : libidn
Version : 1.25-2+deb7u3
CVE ID : CVE-2017-14062
Debian Bug : #873903

It was discovered that there was an integer overflow vulnerability in
libidn's Punycode handling (an encoding used to convert Unicode characters
to ASCII) which would have allowed remote attackers to cause a denial of
service.

For Debian 7 "Wheezy", this issue has been fixed in libidn version
1.25-2+deb7u3.

We recommend that you upgrade your libidn packages.

Regards,

  ,&#x27;&#x27;`.
 : :&#x27;  :     Chris Lamb
 `. `&#x27;`      [email protected] / chris-lamb.co.uk
   `-

OSVersionArchitecturePackageVersionFilename
Debian9i386libidn11< 1.33-1+deb9u1libidn11_1.33-1+deb9u1_i386.deb
Debian9amd64idn< 1.33-1+deb9u1idn_1.33-1+deb9u1_amd64.deb
Debian8kfreebsd-amd64libidn2-0-dev< 0.10-2+deb8u1libidn2-0-dev_0.10-2+deb8u1_kfreebsd-amd64.deb
Debian8s390xlibidn2-0< 0.10-2+deb8u1libidn2-0_0.10-2+deb8u1_s390x.deb
Debian9armhflibidn2-0-dbg< 0.16-1+deb9u1libidn2-0-dbg_0.16-1+deb9u1_armhf.deb
Debian7alllibidn11-java< 1.25-2+deb7u3libidn11-java_1.25-2+deb7u3_all.deb
Debian8i386libidn11< 1.29-1+deb8u3libidn11_1.29-1+deb8u3_i386.deb
Debian9armellibidn2-0-dev< 0.16-1+deb9u1libidn2-0-dev_0.16-1+deb9u1_armel.deb
Debian9mips64ellibidn11-dev< 1.33-1+deb9u1libidn11-dev_1.33-1+deb9u1_mips64el.deb
Debian8mipslibidn2-0-dbg< 0.10-2+deb8u1libidn2-0-dbg_0.10-2+deb8u1_mips.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	i386	libidn11	< 1.33-1+deb9u1	libidn11_1.33-1+deb9u1_i386.deb
Debian	9	amd64	idn	< 1.33-1+deb9u1	idn_1.33-1+deb9u1_amd64.deb
Debian	8	kfreebsd-amd64	libidn2-0-dev	< 0.10-2+deb8u1	libidn2-0-dev_0.10-2+deb8u1_kfreebsd-amd64.deb
Debian	8	s390x	libidn2-0	< 0.10-2+deb8u1	libidn2-0_0.10-2+deb8u1_s390x.deb
Debian	9	armhf	libidn2-0-dbg	< 0.16-1+deb9u1	libidn2-0-dbg_0.16-1+deb9u1_armhf.deb
Debian	7	all	libidn11-java	< 1.25-2+deb7u3	libidn11-java_1.25-2+deb7u3_all.deb
Debian	8	i386	libidn11	< 1.29-1+deb8u3	libidn11_1.29-1+deb8u3_i386.deb
Debian	9	armel	libidn2-0-dev	< 0.16-1+deb9u1	libidn2-0-dev_0.16-1+deb9u1_armel.deb
Debian	9	mips64el	libidn11-dev	< 1.33-1+deb9u1	libidn11-dev_1.33-1+deb9u1_mips64el.deb
Debian	8	mips	libidn2-0-dbg	< 0.10-2+deb8u1	libidn2-0-dbg_0.10-2+deb8u1_mips.deb