openSUSE Security Update: Security update for libidn2 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2017:2410-1 Rating: moderate References: #1056450 #1056451 #1056981 Affected Products: openSUSE Leap 42.3 ______________________________________________________________________________ An update that contains security fixes can now be installed. Description: This update for libidn2 fixes the following issues: * integer overflow in bidi.c/_isBidi() could lead to unexpected behavior (boo#1056451) * integer overflow in puny_decode.c/decode_digit() could lead to unexpected behavior (boo#1056450) libunistring was rebuilt to supply a -32bit package, a dependency for libidn2-0-32bit (boo#1056981). Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.3: zypper in -t patch openSUSE-2017-1036=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.3 (i586 x86_64): libidn2-0-2.0.4-3.1 libidn2-0-debuginfo-2.0.4-3.1 libidn2-debugsource-2.0.4-3.1 libidn2-devel-2.0.4-3.1 libidn2-tools-2.0.4-3.1 libidn2-tools-debuginfo-2.0.4-3.1 libunistring-debugsource-0.9.3-25.1 libunistring-devel-0.9.3-25.1 libunistring0-0.9.3-25.1 libunistring0-debuginfo-0.9.3-25.1 - openSUSE Leap 42.3 (x86_64): libidn2-0-32bit-2.0.4-3.1 libidn2-0-debuginfo-32bit-2.0.4-3.1 libunistring-devel-32bit-0.9.3-25.1 libunistring0-32bit-0.9.3-25.1 libunistring0-debuginfo-32bit-0.9.3-25.1 References: https://bugzilla.suse.com/1056450 https://bugzilla.suse.com/1056451 https://bugzilla.suse.com/1056981