Bug 1486881 (CVE-2017-14061)

Summary: CVE-2017-14061 libidn2: integer overflow in bidi.c/_isBidi()
Product: [Other] Security Response Reporter: Pedro Sampaio <psampaio>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: mlichvar, nmavrogi, redhat-bugzilla
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2019-06-08 03:23:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1486883, 1486884, 1486885, 1487777    
Bug Blocks:    

Description Pedro Sampaio 2017-08-30 17:23:17 UTC 
A integer overflow was found in libidn2 that could potentialy cause denial of service.

Upstream patch:

http://git.savannah.gnu.org/cgit/libidn/libidn2.git/commit/?h=libidn2-2.0.4&id=16853b6973a1e72fee2b7cccda85472cb9951305

References:

https://bugzilla.novell.com/show_bug.cgi?id=1056451
https://lists.gnu.org/archive/html/info-gnu/2017-08/msg00013.html
Comment 1 Pedro Sampaio 2017-08-30 17:27:00 UTC 
Created libidn2 tracking bugs for this issue:

Affects: epel-all [bug 1486884]
Affects: fedora-all [bug 1486885]


Created mingw-libidn2 tracking bugs for this issue:

Affects: fedora-all [bug 1486883]
Comment 2 Pedro Sampaio 2017-09-01 21:38:32 UTC 
Created mingw-libidn2 tracking bugs for this issue:

Affects: epel-7 [bug 1487777]