Updated icu packages fix security vulnerability
Publication date: 27 Nov 2016
Modification date: 27 Nov 2016
Type: security
Affected Mageia releases: 5
CVE: CVE-2014-9911, CVE-2016-7415
Description
A stack overflow in ures_getByKeyWithFallback() in ICU before 54.1 could lead to a crash (CVE-2014-9911). It was also found that a big locale string causes a stack-based overflow inside libicu, in locid.cpp (CVE-2016-7415).
References
- https://bugs.mageia.org/show_bug.cgi?id=19840
- http://openwall.com/lists/oss-security/2016/11/25/1
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OAJGWQ3FEZJMVTFPJHKJJPCUKMX7XBTX/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415
SRPMS
5/core
- icu-53.1-12.6.mga5