| Description: | Summary:
The remote host is missing an update for the Debian 'icu' package(s) announced via the DSA-3725-1 advisory.
Vulnerability Insight:
Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.
CVE-2014-9911
Michele Spagnuolo discovered a buffer overflow vulnerability which might allow remote attackers to cause a denial of service or possibly execute arbitrary code via crafted text.
CVE-2015-2632
An integer overflow vulnerability might lead into a denial of service or disclosure of portion of application memory if an attacker has control on the input file.
CVE-2015-4844
Buffer overflow vulnerabilities might allow an attacker with control on the font file to perform a denial of service or, possibly, execute arbitrary code.
CVE-2016-0494
Integer signedness issues were introduced as part of the CVE-2015-4844 fix.
CVE-2016-6293
A buffer overflow might allow an attacker to perform a denial of service or disclosure of portion of application memory.
CVE-2016-7415
A stack-based buffer overflow might allow an attacker with control on the locale string to perform a denial of service and, possibly, execute arbitrary code.
For the stable distribution (jessie), these problems have been fixed in version 52.1-8+deb8u4.
For the unstable distribution (sid), these problems have been fixed in version 57.1-5.
We recommend that you upgrade your icu packages.
Affected Software/OS:
'icu' package(s) on Debian 8.
Solution:
Please install the updated package(s).
CVSS Score:
10.0
CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
|
