Bugtraq: [SECURITY] [DSA 3725-1] icu security update

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA256

– ————————————————————————

Debian Security Advisory DSA-3725-1 security (at) debian (dot) org [email concealed]

https://www.debian.org/security/ Luciano Bello

November 27, 2016 https://www.debian.org/security/faq

– ————————————————————————

Package : icu

CVE ID : CVE-2014-9911 CVE-2015-2632 CVE-2015-4844 CVE-2016-0494

CVE-2016-6293 CVE-2016-7415

Debian Bug : 838694

Several vulnerabilities were discovered in the International Components

for Unicode (ICU) library.

CVE-2014-9911

Michele Spagnuolo discovered a buffer overflow vulnerability which

might allow remote attackers to cause a denial of service or possibly

execute arbitrary code via crafted text.

CVE-2015-2632

An integer overflow vulnerability might lead into a denial of service

or disclosure of portion of application memory if an attacker has

control on the input file.

CVE-2015-4844

Buffer overflow vulnerabilities might allow an attacker with control

on the font file to perform a denial of service attacker or,

possibly, execute arbitrary code.

CVE-2016-0494

Integer signedness issues were introduced as part of the

CVE-2015-4844 fix.

CVE-2016-6293

A buffer overflow might allow an attacker to perform a denial of

service or disclosure of portion of application memory.

CVE-2016-7415

A stack-based buffer overflow might allow an attacker with control on

the locale string to perform a denial of service and, possibly,

execute arbitrary code.

For the stable distribution (jessie), these problems have been fixed in

version 52.1-8+deb8u4.

For the unstable distribution (sid), these problems have been fixed in

version 57.1-5.

We recommend that you upgrade your icu packages.

Further information about Debian Security Advisories, how to apply

these updates to your system and frequently asked questions can be

found at: https://www.debian.org/security/

Mailing list: debian-security-announce (at) lists.debian (dot) org [email concealed]

—–BEGIN PGP SIGNATURE—–

iQIcBAEBCAAGBQJYOxmOAAoJEG7C3vaP/jd0vqkQAKAMItur4VZLQdyw7yLRDNwN

hZx7Z7w2etBM7bZVulYvOrNWzdfBal45uQ4XVYMlgjOAmGGnBNRcuEZBI7tOFOJ5

euwEz+HQj/T5ZiwjMjP9VbflM3OOgAbHHjvyuiS72n7pKjJFAvIvvIQZ7n2fzbtp

oRWF7qXgtUFgjh/Bk8VLizW/AqfmJnaRpITOWuLldGyqu23iKgBC/m1u5j3uX7gq

YWjbHh66t93IaosforaX6o2B25IMLIAcIlLE1yOFIDsnNffV/Wb38huBodXWDgkd

iUJlaz4uNGYpCG5J2Fy5GVY+ePTFyLNGW9hgvgLiTpqWXN+fo9B2y7nkhUtTDljY

QMgF9oCzdFBAzsbm3EN6thbMr3+/BlH1smWuxthWlzenVWzYRRW9biXiYHhAuTLx

k9v/4A2oCL61uCaHsrc8NbMhI6BUq0hvQJPHrU97ix9U4cRJGPLWSKkKpJVTEjqI

1Xki47FSNTykUXcbgNV1StJ8paL106J8ZHFRdy10p7np+rIR+dujU4Hz5P9hzw07

4aECq/FQGescS2rgpC1QQmUR9qLZdQ0ag9oEmPWHXvoblqii6u3DJyZKTURhWJA8

Wn6FmmlwojYs8nZsuixJXB3a5ExhH3jTfiB1v1DLCjCVAOeAlUkuILSv1SOUXSzo

7xp83+DgrMJ93GY2aHV4

=vHKf

—–END PGP SIGNATURE—–

[ reply ]

Source: SecurityFocus Vulnerabilities @ November 28, 2016 at 03:00AM

0
Share