SUSE-SU-2018:1602-1 -- SLES libicuID: oval:org.secpod.oval:def:89002232 | Date: (C)2021-02-26 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for icu fixes the following issues: - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp did not ensure that there is a "\0" character at the end of a certain temporary array, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. - CVE-2017-7868: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. - CVE-2017-7867: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. - CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed remote attackers to execute arbitrary code via a crafted string, aka a quot;redundant UVector entry clean up function callquot; issue. - CVE-2017-17484:The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. - CVE-2017-15422: An integer overflow in persian calendar calculation was fixed, which could show wrong years
Platform: |
SUSE Linux Enterprise Server 11 SP4 |