ALAS2-2019-1373


Amazon Linux 2 Security Advisory: ALAS-2019-1373
Advisory Release Date: 2019-12-13 19:34 Pacific
Advisory Updated Date: 2019-12-18 01:19 Pacific
Severity: Medium

Issue Overview:

heap-based buffer overflow in idn2_to_ascii_4i in lib/lookup.c idn2_to_ascii_4i in lib/lookup.c in GNU libidn2 before 2.1.1 has a heap-based buffer overflow via a long domain string.(CVE-2019-18224 )


Affected Packages:

libidn2


Issue Correction:
Run yum update libidn2 to update your system.

New Packages:
aarch64:
    libidn2-2.3.0-1.amzn2.aarch64
    libidn2-devel-2.3.0-1.amzn2.aarch64
    idn2-2.3.0-1.amzn2.aarch64
    libidn2-debuginfo-2.3.0-1.amzn2.aarch64

i686:
    libidn2-2.3.0-1.amzn2.i686
    libidn2-devel-2.3.0-1.amzn2.i686
    idn2-2.3.0-1.amzn2.i686
    libidn2-debuginfo-2.3.0-1.amzn2.i686

src:
    libidn2-2.3.0-1.amzn2.src

x86_64:
    libidn2-2.3.0-1.amzn2.x86_64
    libidn2-devel-2.3.0-1.amzn2.x86_64
    idn2-2.3.0-1.amzn2.x86_64
    libidn2-debuginfo-2.3.0-1.amzn2.x86_64