icu security update (CVE-2011-4599, CVE-2010-4409)
Specially crafted strings could cause a buffer overflow in
icu (CVE-2011-4599).
An integer overflow in the getSymbol() function could crash
applications using icu (CVE-2010-4409)
-
Submitted by
Adrian Schröter (adrianSuSE)
- Version 5658
Fixed bugs
bnc#736146
VUL-0: icu: out of bounds access
bnc#657910
VUL-1: icu unum_setSymbol/unum_getSymbol crash
CVE#CVE-2011-4599
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE#CVE-2010-4409
Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument.
