Advisories » MGASA-2017-0411

Updated icu packages fix security vulnerability

Publication date: 16 Nov 2017
Modification date: 16 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-14952

Description

Updated icu packages fix security vulnerability:

Double free in i18n/zonemeta.cpp in International Components for Unicode
(ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary
code via a crafted string, aka a "redundant UVector entry clean up function
call" issue (CVE-2017-14952).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21929
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952

SRPMS

5/core

• icu-53.1-12.8.mga5

6/core

• icu-58.2-3.1.mga6