UbuntuUpdates.org

Package "libuv1-dev"

Name: libuv1-dev

Description:

asynchronous event notification library - development files

Latest version: 1.43.0-1ubuntu0.1
Release: jammy (22.04)
Level: security
Repository: main
Head package: libuv1
Homepage: https://github.com/libuv/libuv

Links


Download "libuv1-dev"


Other versions of "libuv1-dev" in Jammy

Repository Area Version
base main 1.43.0-1
updates main 1.43.0-1ubuntu0.1

Changelog

Version: 1.43.0-1ubuntu0.1 2024-02-28 15:07:02 UTC

  libuv1 (1.43.0-1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: hostname restriction bypass via truncation
    - debian/patches/CVE-2024-24806-1.patch: always zero-terminate idna
      output in src/idna.c, test/test-idna.c.
    - debian/patches/CVE-2024-24806-2.patch: reject zero-length idna inputs
      in src/idna.c, test/test-idna.c.
    - debian/patches/CVE-2024-24806-3.patch: empty strings are not valid
      IDNA in test/test-idna.c.
    - CVE-2024-24806

 -- Marc Deslauriers <email address hidden> Wed, 14 Feb 2024 12:38:02 -0500

CVE-2024-24806 libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its window



About   -   Send Feedback to @ubuntu_updates