Security update for libidn SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:1261-1 Final 1 1 2015-07-10T09:32:15Z current 2015-07-10T09:32:15Z 2015-07-10T09:32:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for libidn libidn was updated to version 1.31 to fix one security issue. This security issue was fixed: - CVE-2015-2059: Out-of-bounds read with stringprep on invalid UTF-8 (bsc#923241). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html E-Mail link for openSUSE-SU-2015:1261-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings libidn-1.31-7.3.1 libidn-devel-1.31-7.3.1 libidn-tools-1.31-7.3.1 libidn11-1.31-7.3.1 libidn11-32bit-1.31-7.3.1 The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in jabberd2, allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. CVE-2015-2059 low Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-07/msg00042.html https://www.suse.com/security/cve/CVE-2015-2059.html CVE-2015-2059 https://bugzilla.suse.com/1173590 SUSE Bug 1173590 https://bugzilla.suse.com/919214 SUSE Bug 919214 https://bugzilla.suse.com/923241 SUSE Bug 923241 https://bugzilla.suse.com/937096 SUSE Bug 937096 https://bugzilla.suse.com/937097 SUSE Bug 937097