Ubuntu Security Notice 4168-1 - It was discovered that Libidn2 incorrectly handled certain inputs. A attacker could possibly use this issue to impersonate domains. It was discovered that Libidn2 incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code.
cf79bda79ca9397f2b33a211436016b37be02011ced052fcfc31479870124c25
=========================================================================
Ubuntu Security Notice USN-4168-1
October 29, 2019
libidn2 vulnerabilities
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.04 LTS
Summary:
Several security issues were fixed in Libidn2.
Software Description:
- libidn2: Internationalized domain names (IDNA2008/TR46) command line tool
Details:
It was discovered that Libidn2 incorrectly handled certain inputs.
A attacker could possibly use this issue to impersonate domains.
(CVE-2019-12290)
It was discovered that Libidn2 incorrectly handled certain inputs.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2019-18224)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
idn2 2.0.5-1ubuntu0.3
libidn2-0 2.0.5-1ubuntu0.3
Ubuntu 18.04 LTS:
idn2 2.0.4-1.1ubuntu0.2
libidn2-0 2.0.4-1.1ubuntu0.2
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/4168-1
CVE-2019-12290, CVE-2019-18224
Package Information:
https://launchpad.net/ubuntu/+source/libidn2/2.0.5-1ubuntu0.3
https://launchpad.net/ubuntu/+source/libidn2/2.0.4-1.1ubuntu0.2