icu was updated to fix two security issues.
These security issues were fixed:
- CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional
Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer
data type that is inconsistent with a header file, which allowed remote attackers to cause a
denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code
via crafted text (bsc#929629).
- CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional
Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly
track directionally isolated pieces of text, which allowed remote attackers to cause a denial of
service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text
(bsc#929629).
This update was imported from the SUSE:SLE-12:Update update project.
- Submitted by Felix Zhang (zhangxiaofei)