Security Information / 2012 / Security Information -- DSA-2397-1 icu

Debian Security Advisory

DSA-2397-1 icu -- buffer underflow

Date Reported:

29 Jan 2012

Affected Packages:

icu

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2011-4599.

More information:

It was discovered that a buffer overflow in the Unicode library ICU could lead to the execution of arbitrary code.

For the oldstable distribution (lenny), this problem has been fixed in version 3.8.1-3+lenny3.

For the stable distribution (squeeze), this problem has been fixed in version 4.4.1-8.

For the unstable distribution (sid), this problem has been fixed in version 4.8.1.1-3.

We recommend that you upgrade your icu packages.