
openSUSE Leap 42.3 Security Update 2018:1422-1 Moderate: ICU DoS Fix

May 25, 2018
Latest patch addresses several vulnerabilities in openSUSE’s ICU module. Urgent measures suggested for improved protection.
An update that fixes 8 vulnerabilities is now available.

Description

icu was updated to fix two security issues.

These security issues were fixed:

- CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629).

- CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629).

- CVE-2016-6293: The...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

    zypper in -t patch openSUSE-2018-517=1

Package List

- openSUSE Leap 42.3 (i586 x86_64):

    icu-52.1-18.1
    icu-data-52.1-18.1
    icu-debuginfo-52.1-18.1
    icu-debugsource-52.1-18.1
    libicu-devel-52.1-18.1
    libicu-doc-52.1-18.1
    libicu52_1-52.1-18.1
    libicu52_1-data-52.1-18.1
    libicu52_1-debuginfo-52.1-18.1

- openSUSE Leap 42.3 (x86_64):

    libicu-devel-32bit-52.1-18.1
    libicu52_1-32bit-52.1-18.1
    libicu52_1-debuginfo-32bit-52.1-18.1
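
To confirm the update is applied on a host, the installed ICU builds can be compared against the fixed build 52.1-18.1 from the Package List. The script below is an added example, not part of the SUSE advisory; the function names and the sample inventory are constructed for illustration, and it assumes GNU sort -V is an acceptable stand-in for rpm's version comparison.

```shell
#!/bin/sh
# Added example: list ICU packages still below the advisory's fixed build.
FIXED="52.1-18.1"   # version-release from the advisory's Package List

# Package names copied from the Package List above.
ICU_PKGS="icu icu-data icu-debuginfo icu-debugsource libicu-devel libicu-doc
libicu52_1 libicu52_1-data libicu52_1-debuginfo libicu-devel-32bit
libicu52_1-32bit libicu52_1-debuginfo-32bit"

# older_than A B: true when A sorts strictly before B.
# Assumption: GNU `sort -V` ordering stands in for rpm's own comparison,
# which is adequate for these simple numeric version-release strings.
older_than() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Reads "name version-release" lines on stdin and prints every package
# from the advisory's list whose installed build is older than FIXED.
find_unpatched() {
    while read -r name ver; do
        [ -n "$name" ] || continue
        for p in $ICU_PKGS; do
            if [ "$name" = "$p" ] && older_than "$ver" "$FIXED"; then
                printf '%s %s\n' "$name" "$ver"
            fi
        done
    done
}

# Constructed sample inventory (not output from a real host).
sample_inventory() {
    cat <<'EOF'
icu 52.1-18.1
libicu52_1 52.1-15.1
libicu52_1-data 52.1-9.3
libicu-devel 52.1-18.1
zlib 1.2.8-10.1
EOF
}

# Demo run on the constructed sample. On a Leap 42.3 host, use live data:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | find_unpatched
sample_inventory | find_unpatched
```

Empty output means every listed ICU package present on the host is at or above the fixed build; packages that are not installed are simply not reported.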

References

https://www.suse.com/security/cve/CVE-2014-8146.html
https://www.suse.com/security/cve/CVE-2014-8147.html
https://www.suse.com/security/cve/CVE-2016-6293.html
https://www.suse.com/security/cve/CVE-2017-14952.html
https://www.suse.com/security/cve/CVE-2017-15422.html
https://www.suse.com/security/cve/CVE-2017-17484.html
https://www.suse.com/security/cve/CVE-2017-7867.html
https://www.suse.com/security/cve/CVE-2017-7868.html
https://bugzilla.suse.com/1034674
https://bugzilla.suse.com/1034678
https://bugzilla.suse.com/1067203
https://bugzilla.suse.com/1072193
https://bugzilla.suse.com/1077999
https://bugzilla.suse.com/1087932
https://bugzilla.suse.com/929629
https://bugzilla.suse.com/990636

--

Announcement ID: openSUSE-SU-2018:1422-1
Rating: moderate
Affected Products: openSUSE Leap 42.3
