Rapid7 Vulnerability & Exploit Database

RHSA-2011:1815: icu security update

Severity: 8
CVSS: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published: 12/13/2011
Created: 07/25/2018
Added: 12/16/2011
Modified: 07/04/2017

Description

The International Components for Unicode (ICU) library provides robust and full-featured Unicode services.

A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-4599)

All users of ICU should upgrade to these updated packages, which contain a backported patch to resolve this issue. All applications linked against ICU must be restarted for this update to take effect.

Solution(s)

  • redhat-upgrade-icu
  • redhat-upgrade-icu-debuginfo
  • redhat-upgrade-libicu
  • redhat-upgrade-libicu-devel
  • redhat-upgrade-libicu-doc
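
To check that the restart requirement in the description has been met after upgrading, the following added example (not part of the advisory or of this database entry) lists processes that still map a replaced ICU library. It assumes Linux marks unlinked libraries with `(deleted)` in `/proc/<pid>/maps`; the function names and the sample paths are constructed for illustration.

```bash
#!/bin/bash
# Added example: list processes that still map an ICU library removed by the update.
# Assumption: the package upgrade unlinked the old libicu*.so files, so Linux
# marks those mappings with a trailing " (deleted)" in /proc/<pid>/maps.

# Print the unique stale libicu paths found in one maps file ($1).
stale_icu_in_maps() {
    local addr perms off dev inode path
    { while read -r addr perms off dev inode path; do
          case "$path" in
              */libicu*.so*" (deleted)") printf '%s\n' "$path" ;;
          esac
      done < "$1"; } 2>/dev/null | sort -u
}

# Print "pid<TAB>stale path" for every process under proc root $1 (default /proc).
scan_proc() {
    local root="${1:-/proc}" dir path
    for dir in "$root"/[0-9]*; do
        stale_icu_in_maps "$dir/maps" | while IFS= read -r path; do
            printf '%s\t%s\n' "${dir##*/}" "$path"
        done
    done
}

# Build a constructed (not captured) proc tree under $1 for demonstration:
# PID 101 still maps the old library, PID 202 maps the replacement.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202"
    cat > "$1/101/maps" <<'EOF'
00400000-0040b000 r-xp 00000000 fd:00 131077                             /usr/bin/sampled
7f10a0000000-7f10a0150000 r-xp 00000000 fd:00 393301                     /usr/lib64/libicuuc.so.42.1 (deleted)
7f10a0350000-7f10a035c000 rw-p 00150000 fd:00 393301                     /usr/lib64/libicuuc.so.42.1 (deleted)
EOF
    cat > "$1/202/maps" <<'EOF'
00400000-0040b000 r-xp 00000000 fd:00 131077                             /usr/bin/sampled
7f22b0000000-7f22b0150000 r-xp 00000000 fd:00 393412                     /usr/lib64/libicuuc.so.42.1
EOF
}

# Default: scan the live system. With "--demo", scan the constructed tree instead.
if [ "${1:-}" = "--demo" ]; then
    tmp="$(mktemp -d)"; make_sample_proc "$tmp"; scan_proc "$tmp"; rm -rf "$tmp"
else
    scan_proc /proc
fi
```

Run it as root so that other users' `maps` files are readable; entries that cannot be read are skipped silently. Any PID it prints belongs to a process that has not been restarted since the update.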
