Debian Security Advisory

DLA-744-1 icu -- LTS security update

Date Reported:
16 Dec 2016
Affected Packages:
icu
Security database references:
In the Debian bugtracking system: Bug 838694.
In Mitre's CVE dictionary: CVE-2014-9911, CVE-2016-7415.
More information:

Brief introduction

  • CVE-2014-9911

    Michele Spagnuolo discovered a buffer overflow vulnerability which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via crafted text.

  • CVE-2016-7415

    A stack-based buffer overflow might allow an attacker with control of the locale string to perform a denial of service and, possibly, execute arbitrary code.

For Debian 7 Wheezy, these problems have been fixed in version

We recommend that you upgrade your icu packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: