5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.005 Low
EPSS
Percentile
75.9%
New libidn packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1,
14.2, and -current to fix security issues.
Here are the details from the Slackware 14.2 ChangeLog:
patches/packages/libidn-1.33-i586-1_slack14.2.txz: Upgraded.
Fixed out-of-bounds read bugs. Fixed crashes on invalid UTF-8.
Thanks to Hanno B??ck.
For more information, see:
https://vulners.com/cve/CVE-2015-8948
https://vulners.com/cve/CVE-2016-6261
https://vulners.com/cve/CVE-2016-6262
https://vulners.com/cve/CVE-2016-6263
(* Security fix *)
Where to find the new packages:
Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)
Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.
Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/libidn-1.33-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/libidn-1.33-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/libidn-1.33-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/libidn-1.33-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/libidn-1.33-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/libidn-1.33-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/libidn-1.33-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/libidn-1.33-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/libidn-1.33-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/libidn-1.33-x86_64-1_slack14.1.txz
Updated package for Slackware 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware-14.2/patches/packages/libidn-1.33-i586-1_slack14.2.txz
Updated package for Slackware x86_64 14.2:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.2/patches/packages/libidn-1.33-x86_64-1_slack14.2.txz
Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/l/libidn-1.33-i586-1.txz
Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/libidn-1.33-x86_64-1.txz
MD5 signatures:
Slackware 13.0 package:
e5752514537f9dad268e35f4101062ee libidn-1.33-i486-1_slack13.0.txz
Slackware x86_64 13.0 package:
7e6a2ff576c5e8b2d72d8c5b1a4d8411 libidn-1.33-x86_64-1_slack13.0.txz
Slackware 13.1 package:
42c97d03ccc4542a984e43aef3976b7a libidn-1.33-i486-1_slack13.1.txz
Slackware x86_64 13.1 package:
69a2301c667a4875d76ab22e8cda54bb libidn-1.33-x86_64-1_slack13.1.txz
Slackware 13.37 package:
983aa791e2f98abbc32d34aa15b0e3c0 libidn-1.33-i486-1_slack13.37.txz
Slackware x86_64 13.37 package:
749ac81f5fa1f362d3c9bfd51f258d01 libidn-1.33-x86_64-1_slack13.37.txz
Slackware 14.0 package:
38d23c897945740e43f5240fc0ab3783 libidn-1.33-i486-1_slack14.0.txz
Slackware x86_64 14.0 package:
ce0c6024df6b67239e4b439e1de8bdd6 libidn-1.33-x86_64-1_slack14.0.txz
Slackware 14.1 package:
34540e8d94e80d0a952fe01eaec76c12 libidn-1.33-i486-1_slack14.1.txz
Slackware x86_64 14.1 package:
9c0b9eda3ac3126ddf340317081f462f libidn-1.33-x86_64-1_slack14.1.txz
Slackware 14.2 package:
3d77f9aaa5ff41b7ac525e2818069c81 libidn-1.33-i586-1_slack14.2.txz
Slackware x86_64 14.2 package:
2b15d7c82f92c051111e390e225936c2 libidn-1.33-x86_64-1_slack14.2.txz
Slackware -current package:
2c480449f306e59dc50c7d700b0762cf l/libidn-1.33-i586-1.txz
Slackware x86_64 -current package:
4c060f5cd05eac8bfa897aceea85f1f2 l/libidn-1.33-x86_64-1.txz
Installation instructions:
Upgrade the package as root:
> upgradepkg libidn-1.33-i586-1_slack14.2.txz
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.005 Low
EPSS
Percentile
75.9%