Debian Security Advisory DSA-3830-1
https://www.debian.org/security/ Sebastien Delafond
April 19, 2017

Package : icu
CVE ID : CVE-2017-7867 CVE-2017-7868
Debian Bug : 860314

It was discovered that icu, the International Components for Unicode
library, did not correctly validate its input. An attacker could use
this problem to trigger an out-of-bounds write through a heap-based
buffer overflow, thus causing a denial of service via application
crash, or potential execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 52.1-8+deb8u5.

For the upcoming stable (stretch) and unstable (sid) distributions,
these problems have been fixed in version 57.1-6.

We recommend that you upgrade your icu packages.



