[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 283-1] icu security update

Package        : icu
Version        : 4.4.1-8+squeeze4
CVE ID         : CVE-2015-4760

A vulnerability has been found in the International Components
for Unicode (ICU) library:


    It was discovered that ICU Layout Engine was missing multiple
    boundary checks. These could lead to buffer overflows and memory
    corruption. A specially crafted file could cause an application
    using ICU to parse untrusted font files to crash and, possibly,
    execute arbitrary code.

For the squeeze distribution, these issues have been fixed in version
4.4.1-8+squeeze4 of icu.

We recommend to upgrade your icu packages.

Attachment: signature.asc
Description: Digital signature

Reply to: