SynopsisThe remote Debian host is missing a security-related update.
DescriptionIt was discovered that libidn, the GNU library for Internationalized Domain Names (IDNs), did not correctly handle invalid UTF-8 input, causing an out-of-bounds read. This could allow attackers to disclose sensitive information from an application using the libidn library.
SolutionUpgrade the libidn packages.
For the stable distribution (jessie), this problem has been fixed in version 1.29-1+deb8u1.