You are here
Home > Preporuke > Ranjivost programskog paketa icu

Ranjivost programskog paketa icu

by ncert - 0
  • Detalji os-a: LDE
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LDE

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-3360-1 security@debian.org
https://www.debian.org/security/ Laszlo Boszormenyi (GCS)
September 15, 2015 https://www.debian.org/security/faq
– ————————————————————————-

Package : icu
CVE ID : CVE-2015-1270
Debian Bug : 798647

It was discovered that the International Components for Unicode (ICU)
library mishandles converter names starting with x- , which allows
remote attackers to cause a denial of service (read of uninitialized
memory) or possibly have unspecified other impact via a crafted file.

For the stable distribution (jessie), this problem has been fixed in
version 52.1-8+deb8u3.

For the testing distribution (stretch), this problem has been fixed
in version 55.1-5.

For the unstable distribution (sid), this problem has been fixed in
version 55.1-5.

We recommend that you upgrade your icu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1

iQIcBAEBCgAGBQJV+ELBAAoJEK+lG9bN5XPLC24QAIXycfVpH1VzrqIOi7IzkmXf
aCJ9B+m/BWSmnEfVVm42w3u0gGd7wQZSbMi5azEdHYpec6g9Defc4XfVp8ngD9Gk
37Gha8gZZ4Sbxc1tXwMwwwyP2+E+6QDrNzniSwtCNgk4UV9VUSGCNhLJBva5tV1Y
JSeFVHTpl/Urj7CwdRYvlMIbVCTvcnS0FJ34LeylnXTa5k4Z2ZyO5o6a7Gd8YsAD
mGJ2VWA0axNgXXpGhazLfRPQ2PauLfqWN0VpMualqejMPZd2ABRUxrZ7eUuG4AGx
u0HsGnQAQrMn9ZUChTjX8HpDW7OH39B0Z0nVlSITeC4L5gK8SY5lHgmg8zV/Uk1L
jzTwsZty2wfyxsti8XXlY9UHKNcUjB+8bg8WdftzC765HCiNJOXJCGHeklIiHqk7
T5K2H7YuNPMqMuaqgYE7zbgu3JVY9ixNk9DV9aEsgDGjrcs9OXC5U0mkV/++VHlC
ebpcKw02aVEl2Yf7MbX+M0cLiCHo3RM56LQUa02SivwBC5gWULwaSKaRSasoEWEP
knrBzmC5rdyztXipe2undXFyJuACBAuemP8eQSLY7tpFecc52KKnKMN2lru9hzAj
CSXmOvUwwZGmKdwTCMM9RepCoqpNv7Y21ejxCAzUiZ9vjlzVEdRdIeUri/UqGm+E
24PlDUC7o0eS12jqWAVx
=ADH3
—–END PGP SIGNATURE—–

AutorTomislav Protega
Cert idNCERT-REF-2015-09-0001-ADV
CveCVE-2015-1270
ID izvornikaDSA-3360-1
Proizvodicu
Izvorhttp://www.debian.org
ncert
Top
More in Preporuke
Sigurnosni nedostatak php programskih biblioteka

Otkriven je sigurnosni nedostatak u programskim paketima php-doctrine-annotations, php-doctrine-cache i php-doctrine-doctrine-bundle. Otkriveni nedostatak potencijalnim napadačima omogućuje pokretanje proizvoljnog programskog koda...

Close