Security update for icu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:2364-1 Final 1 1 2017-09-05T21:51:03Z current 2017-09-05T21:51:03Z 2017-09-05T21:51:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for icu icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-09/msg00014.html E-Mail link for openSUSE-SU-2017:2364-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 openSUSE Leap 42.3 icu-52.1-15.1 icu-data-52.1-15.1 libicu-devel-52.1-15.1 libicu-devel-32bit-52.1-15.1 libicu-doc-52.1-15.1 libicu52_1-52.1-15.1 libicu52_1-32bit-52.1-15.1 libicu52_1-data-52.1-15.1 icu-52.1-15.1 as a component of openSUSE Leap 42.2 icu-data-52.1-15.1 as a component of openSUSE Leap 42.2 libicu-devel-52.1-15.1 as a component of openSUSE Leap 42.2 libicu-devel-32bit-52.1-15.1 as a component of openSUSE Leap 42.2 libicu-doc-52.1-15.1 as a component of openSUSE Leap 42.2 libicu52_1-52.1-15.1 as a component of openSUSE Leap 42.2 libicu52_1-32bit-52.1-15.1 as a component of openSUSE Leap 42.2 libicu52_1-data-52.1-15.1 as a component of openSUSE Leap 42.2 icu-52.1-15.1 as a component of openSUSE Leap 42.3 icu-data-52.1-15.1 as a component of openSUSE Leap 42.3 libicu-devel-52.1-15.1 as a component of openSUSE Leap 42.3 libicu-devel-32bit-52.1-15.1 as a component of openSUSE Leap 42.3 libicu-doc-52.1-15.1 as a component of openSUSE Leap 42.3 libicu52_1-52.1-15.1 as a component of openSUSE Leap 42.3 libicu52_1-32bit-52.1-15.1 as a component of openSUSE Leap 42.3 libicu52_1-data-52.1-15.1 as a component of openSUSE Leap 42.3 The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text. CVE-2014-8146 openSUSE Leap 42.2:icu-52.1-15.1 openSUSE Leap 42.2:icu-data-52.1-15.1 openSUSE Leap 42.2:libicu-devel-32bit-52.1-15.1 openSUSE Leap 42.2:libicu-devel-52.1-15.1 openSUSE Leap 42.2:libicu-doc-52.1-15.1 openSUSE Leap 42.2:libicu52_1-32bit-52.1-15.1 openSUSE Leap 42.2:libicu52_1-52.1-15.1 openSUSE Leap 42.2:libicu52_1-data-52.1-15.1 openSUSE Leap 42.3:icu-52.1-15.1 openSUSE Leap 42.3:icu-data-52.1-15.1 openSUSE Leap 42.3:libicu-devel-32bit-52.1-15.1 openSUSE Leap 42.3:libicu-devel-52.1-15.1 openSUSE Leap 42.3:libicu-doc-52.1-15.1 openSUSE Leap 42.3:libicu52_1-32bit-52.1-15.1 openSUSE Leap 42.3:libicu52_1-52.1-15.1 openSUSE Leap 42.3:libicu52_1-data-52.1-15.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-09/msg00014.html https://www.suse.com/security/cve/CVE-2014-8146.html CVE-2014-8146 https://bugzilla.suse.com/1066493 SUSE Bug 1066493 https://bugzilla.suse.com/910805 SUSE Bug 910805 https://bugzilla.suse.com/927951 SUSE Bug 927951 https://bugzilla.suse.com/929629 SUSE Bug 929629 https://bugzilla.suse.com/959178 SUSE Bug 959178 The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text. CVE-2014-8147 openSUSE Leap 42.2:icu-52.1-15.1 openSUSE Leap 42.2:icu-data-52.1-15.1 openSUSE Leap 42.2:libicu-devel-32bit-52.1-15.1 openSUSE Leap 42.2:libicu-devel-52.1-15.1 openSUSE Leap 42.2:libicu-doc-52.1-15.1 openSUSE Leap 42.2:libicu52_1-32bit-52.1-15.1 openSUSE Leap 42.2:libicu52_1-52.1-15.1 openSUSE Leap 42.2:libicu52_1-data-52.1-15.1 openSUSE Leap 42.3:icu-52.1-15.1 openSUSE Leap 42.3:icu-data-52.1-15.1 openSUSE Leap 42.3:libicu-devel-32bit-52.1-15.1 openSUSE Leap 42.3:libicu-devel-52.1-15.1 openSUSE Leap 42.3:libicu-doc-52.1-15.1 openSUSE Leap 42.3:libicu52_1-32bit-52.1-15.1 openSUSE Leap 42.3:libicu52_1-52.1-15.1 openSUSE Leap 42.3:libicu52_1-data-52.1-15.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-09/msg00014.html https://www.suse.com/security/cve/CVE-2014-8147.html CVE-2014-8147 https://bugzilla.suse.com/1066493 SUSE Bug 1066493 https://bugzilla.suse.com/1079317 SUSE Bug 1079317 https://bugzilla.suse.com/910805 SUSE Bug 910805 https://bugzilla.suse.com/910806 SUSE Bug 910806 https://bugzilla.suse.com/927951 SUSE Bug 927951 https://bugzilla.suse.com/929629 SUSE Bug 929629 https://bugzilla.suse.com/959178 SUSE Bug 959178