[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 947-1] icu security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : icu
Version        : 4.8.1.1-12+deb7u7
CVE ID         : CVE-2017-7867 CVE-2017-7868

It was discovered that icu, the International Components for Unicode
library, did not correctly validate its input. An attacker could use
this problem to trigger an out-of-bound write through a heap-based
buffer overflow, thus causing a denial of service via application
crash, or potential execution of arbitrary code.

For Debian 7 "Wheezy", these problems have been fixed in version
4.8.1.1-12+deb7u7.

We recommend that you upgrade your icu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJZIFKWXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHorgP+wZH2v1B0YD5jMHKPfKdxnfN
mZFLaQZbOkCwLummkKQRHiLb1JdAIt+B+roO6T0aFLtB+7lmls1kS6izqtXLPt4U
XTeTfBi/0aYDR7W5/aYeMbh7yx5znakvPz2PLHjuXFg8rl2a5QY9sh5AqjX6LcHr
G5HQMqeAj32ZdVAv3j5HjGg0dY2XKyS/hKgwK+AaBKo558WwzddSOmeqhG1cIuAA
vAuhy2aAUUfoGUkjP+FrA74dywGwq34AWBYjvvO7KEZhFRkXYZkfXhQfu3vjU7v8
84CIqyVD6C+VIvPtBoM5Y2f7tehDELYvL23DY+wocRRAAF5LYc8CfOWWjZmOi7/j
M4EK6x4FbgV4CWdJgv+vCrXhWRykoSr1+DMQbg7311mtzczGMw94FcSGpin47Szu
zQQA1KzAP875zlA4b1bBBmZ5WgEtloiK2HWAiNJOoYMin5im6X4x4CK/s1qiDMHB
jlosraK8atZ+MHbpUR56W31SlOlbGq9r0cGmsdXmfIEH98kKjLBX/EcQBmcudPMp
pzBUUrQF7UI34z+gywPudMSWqG+cQ03QdkXRaY1c9v2KwUxl+qQM6aU61/6aecLx
yZRRQTZywECva3GsYZvqWDwY/FMm0YZYPBfkDQuxEEnkgefWTWYMkU/9SDrB8t0a
1woxVolRqlBbAfjBOhQj
=0Afw
-----END PGP SIGNATURE-----


Reply to: