Overview

File _patchinfo of Package patchinfo.2360

<patchinfo incident="2360">
  <issue id="929629" tracker="bnc">VUL-1: CVE-2014-8146, CVE-2014-8147: icu: multiple overflow vulnerabilities</issue>
  <issue id="2014-8147" tracker="cve" />
  <issue id="2014-8146" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>zhangxiaofei</packager>
  <description>icu was updated to fix two security issues.

These security issues were fixed:
- CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional
  Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer
  data type that is inconsistent with a header file, which allowed remote attackers to cause a
  denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code
  via crafted text (bsc#929629).
- CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional
  Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly
  track directionally isolated pieces of text, which allowed remote attackers to cause a denial of
  service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text
  (bsc#929629).
  </description>
  <summary>Security update for icu</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places