Fedora 27: 2017-b469be1a72 Critical: Libidn2 Integer Overflow Fix

Libidn2 is an implementation of the IDNA2008 specifications in RFC

5890, 5891, 5892 and 5893 for internationalized domain names (IDN).

It is a standalone library, without any dependency on libidn.

Libidn2 2.0.4 (released 2017-08-30) =================================== * Fix

integer overflow in bidi.c/_isBidi() * Fix integer overflow in

puny_decode.c/decode_digit() * Improve docs * Fix idna_free() to idn_free()

* Update fuzzer corpora

[ 1 ] Bug #1486882 - CVE-2017-14062 libidn2: Integer overflow in puny_decode.c/decode_digit

https://bugzilla.redhat.com/show_bug.cgi?id=1486882

[ 2 ] Bug #1486881 - CVE-2017-14061 libidn2: integer overflow in bidi.c/_isBidi()

https://bugzilla.redhat.com/show_bug.cgi?id=1486881

su -c 'dnf upgrade mingw-libidn2' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org