Description
Security update for icu
This update for icu fixes the following security issues:
- Passing a locale string longer than 255 characters to uloc_getDisplayName() could have caused a buffer overflow resulting in denial of service or possible code execution (bsc#1012224, CVE-2014-9911).
Package list
SUSE Linux Enterprise Server 11 SP4
libicu-4.0-43.1
libicu-32bit-4.0-43.1
libicu-doc-4.0-43.1
libicu-x86-4.0-43.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
libicu-4.0-43.1
libicu-32bit-4.0-43.1
libicu-doc-4.0-43.1
libicu-x86-4.0-43.1
SUSE Linux Enterprise Software Development Kit 11 SP4
icu-4.0-43.1
libicu-32bit-4.0-43.1
libicu-devel-4.0-43.1
libicu-devel-32bit-4.0-43.1
References
- Link for SUSE-SU-2017:0256-1
- E-Mail link for SUSE-SU-2017:0256-1
- SUSE Security Ratings
- SUSE Bug 1012224
- SUSE CVE CVE-2014-9911 page
Description
Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call.
Affected products
SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-43.1
SUSE Linux Enterprise Server 11 SP4:libicu-4.0-43.1
SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-43.1
SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-43.1
References
- CVE-2014-9911
- SUSE Bug 1012224
- SUSE Bug 1012232