UbuntuUpdates.org

Package "libuv1"

Name: libuv1

Description:

asynchronous event notification library - runtime library
Latest version: 1.43.0-1ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: main
Homepage: https://github.com/libuv/libuv

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libuv1"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libuv1" in Jammy

Repository Area Version
base main 1.43.0-1
updates main 1.43.0-1ubuntu0.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 1.43.0-1ubuntu0.1 2024-02-28 15:07:02 UTC

  libuv1 (1.43.0-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: hostname restriction bypass via truncation
    - debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
      output in src/idna.c, test/test-idna.c.
    - debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
      in src/idna.c, test/test-idna.c.
    - debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
      IDNA in test/test-idna.c.
    - CVE-2024-24806

 -- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 12:38:02 -0500
CVE-2024-24806 libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its window


About   -   Send Feedback to @ubuntu_updates