Vulnerability   
Search   
    Search 211766 CVE descriptions
and 97459 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.1.4.2018.1602.1
Category:SuSE Local Security Checks
Title:SUSE: Security Advisory (SUSE-SU-2018:1602-1)
Summary:The remote host is missing an update for the 'icu' package(s) announced via the SUSE-SU-2018:1602-1 advisory.
Description:Summary:
The remote host is missing an update for the 'icu' package(s) announced via the SUSE-SU-2018:1602-1 advisory.

Vulnerability Insight:
This update for icu fixes the following issues:
- CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in
common/uloc.cpp did not ensure that there is a '\0' character at the end
of a certain temporary array, which allows remote attackers to cause a
denial of service (out-of-bounds read) or possibly have unspecified
other impact via a call with a long httpAcceptLanguage argument.
(bsc#990636)
- CVE-2017-7868: ICU had an out-of-bounds write caused by a heap-based
buffer overflow related to the utf8TextAccess function in
common/utext.cpp and the utext_moveIndex32* function. (bsc#1034674)
- CVE-2017-7867: ICU had an out-of-bounds write caused by a heap-based
buffer overflow related to the utf8TextAccess function in
common/utext.cpp and the utext_setNativeIndex* function. (bsc#1034678)
- CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed remote
attackers to execute arbitrary code via a crafted string, aka a
'redundant UVector entry clean up function call' issue. (bsc#1067203)
- CVE-2017-17484:The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp mishandled
ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote
attackers to cause a denial of service (stack-based buffer overflow and
application crash) or possibly have unspecified other impact via a
crafted string, as demonstrated by ZNC. (bsc#1072193)
- CVE-2017-15422: An integer overflow in persian calendar calculation was
fixed, which could show wrong years. (bsc#1077999)

Affected Software/OS:
'icu' package(s) on SUSE Linux Enterprise Software Development Kit 11-SP4, SUSE Linux Enterprise Server 11-SP4, SUSE Linux Enterprise Debuginfo 11-SP4

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2016-6293
BugTraq ID: 92127
http://www.securityfocus.com/bid/92127
https://security.gentoo.org/glsa/201701-58
http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
https://bugs.php.net/72533
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
http://openwall.com/lists/oss-security/2016/07/24/2
Common Vulnerability Exposure (CVE) ID: CVE-2017-7867
BugTraq ID: 97672
http://www.securityfocus.com/bid/97672
Debian Security Information: DSA-3830 (Google Search)
http://www.debian.org/security/2017/dsa-3830
https://security.gentoo.org/glsa/201710-03
http://bugs.icu-project.org/trac/changeset/39671
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213
Common Vulnerability Exposure (CVE) ID: CVE-2017-7868
BugTraq ID: 97674
http://www.securityfocus.com/bid/97674
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.