Advisories » MGASA-2016-0186

Updated icu packages fix security vulnerability

Publication date: 20 May 2016
Modification date: 20 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-4844

Description

It was discovered that ICU Layout Engine was missing multiple boundary and
error return checks.  These could lead to buffer overflows and memory
corruption.  A specially crafted font file could cause an application
using ICU to parse untrusted fonts to crash and, possibly, execute
arbitrary code (CVE-2015-4844).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17577
• https://bugzilla.redhat.com/show_bug.cgi?id=1273318
• https://bugzilla.redhat.com/show_bug.cgi?id=1298906
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844

SRPMS

5/core

• icu-53.1-12.3.mga5