Updated icu package fixes security vulnerability
Publication date: 27 Jul 2015Type: security
Affected Mageia releases : 5
CVE: CVE-2015-1270
Description
The ucnv_io_getConverterName function in common/ucnv_io.cpp in
International Components for Unicode (ICU) mishandles converter names with
initial x- substrings, which allows remote attackers to cause a denial of
service (read of uninitialized memory) or possibly have unspecified other
impact via a crafted file (CVE-2015-1270).
References
SRPMS
5/core
- icu-53.1-12.1.mga5