Stay Secure with the Latest Linux Advisories

security advisoryFedoraCVE fix

Fedora 30: FEDORA-2019-160303ebeb Moderate: libidn2 CVE Fix

Libidn 2.3.0 (released 2019-11-14) has assigned CVE-2019-12290 which was fixed by the roundtrip feature introduced in 2.2.0 (commit 241e8f48) * Update the data tables from Unicode 6.3.0 to Unicode 11.0 * Turn `_idn2_punycode_encode`, `_idn2_punycode_decode` into compat symbols (Fixes #74). --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2019-160303ebeb 2019-12-09 02:27:39.934905 --------------------------------------------------------------------------------Name : libidn2 Product : Fedora 30 Version : 2.3.0 Release : 1.fc30 URL : https://www.gnu.org/software/libidn/#libidn2 Summary : Library to support IDNA2008 internationalized domain names Description : Libidn2 is an implementation of the IDNA2008 specifications in RFC 5890, 5891, 5892, 5893 and TR46 for internationalized domain names (IDN). It is a standalone library, without any dependency on libidn. --------------------------------------------------------------------------------Update Information: Libidn 2.3.0 (released 2019-11-14) ================================== * Mitre has assigned CVE-2019-12290 which was fixed by the roundtrip feature introduced in 2.2.0 (commit 241e8f48) * Update the data tables from Unicode 6.3.0 to Unicode 11.0 * Turn `_idn2_punycode_encode`, `_idn2_punycode_decode` into compat symbols (Fixes #74) --------------------------------------------------------------------------------ChangeLog: * Sat Nov 16 2019 Robert Scheck 2.3.0-1 - Upgrade to 2.3.0 (#1764345, #1772703) * Thu Jul 25 2019 Fedora Release Engineering - 2.2.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild * Thu May 23 2019 Robert Scheck 2.2.0-1 - Upgrade to 2.2.0 (#1713402) --------------------------------------------------------------------------------References: [ 1 ] Bug #1772703 - libidn2-2.3.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=1772703 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-160303ebeb' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./ . The latest update for Libidn2 on Fedora addresses a crucial security vulnerability, significantly improving its handling of international domain names and overall Unicode functionality.. Libidn2 Update, Fedora Security, International Domain Names, CVE-2019-12290. . Severity: Important. LinuxSecurity.com Team

Dec 08, 2019 •Important Fedora