Security update for libical
This update for libical fixes the following issues:
Security issues fixed:
- CVE-2016-5824: libical 1.0 allows remote attackers to cause a denial of service (use-after-free)
via a crafted ics file. (bsc#986639)
- CVE-2016-5827: The icaltime_from_string function in libical 0.47 and 1.0 allows remote attackers
to cause a denial of service (out-of-bounds heap read) via a crafted string to the
icalparser_parse_string function. (bsc#986631)
- CVE-2016-9584: libical allows remote attackers to cause a denial of service (use-after-free) and
possibly read heap memory via a crafted ics file. (bsc#1015964)
Bug fixes:
- libical crashes while parsing timezones (bsc#1044995)
This update was imported from the SUSE:SLE-12-SP2:Update update project.
-
Submitted by
Michael Gorse (mgorse)
Fixed bugs
bnc#986639
VUL-0: CVE-2016-5824: libical: heap overread
bnc#1044995
libical crashes while parsing timezones
bnc#986631
VUL-0: CVE-2016-5827: libical: heap overread in libical
bnc#1015964
VUL-0: CVE-2016-9584: libical: Use-after-free
