Recommended update for icu SUSE Patch security@suse.de SUSE Security Team SUSE-RU-2018:0028-1 Final 1 1 2018-01-05T12:58:00Z current 2018-01-05T12:58:00Z 2018-01-05T12:58:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Recommended update for icu This update for icu fixes the following issue: - Fix international date/time format output (a regression caused by the fix for CVE-2014-9911) (bsc#1037416). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sdksp4-icu-13395,slessp4-icu-13395 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement//suse-ru-20180028-1/ Link for SUSE-RU-2018:0028-1 https://lists.suse.com/pipermail/sle-updates/2018-January/007695.html E-Mail link for SUSE-RU-2018:0028-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1037416 SUSE Bug 1037416 https://www.suse.com/security/cve/CVE-2014-9911/ SUSE CVE CVE-2014-9911 page SUSE Linux Enterprise Server 11 SP4 SUSE Linux Enterprise Server for SAP Applications 11 SP4 SUSE Linux Enterprise Software Development Kit 11 SP4 icu-4.0-47.3.2 libicu-32bit-4.0-47.3.2 libicu-devel-4.0-47.3.2 libicu-devel-32bit-4.0-47.3.2 libicu-4.0-47.3.2 libicu-doc-4.0-47.3.2 libicu-x86-4.0-47.3.2 libicu-4.0-47.3.2 as a component of SUSE Linux Enterprise Server 11 SP4 libicu-32bit-4.0-47.3.2 as a component of SUSE Linux Enterprise Server 11 SP4 libicu-doc-4.0-47.3.2 as a component of SUSE Linux Enterprise Server 11 SP4 libicu-x86-4.0-47.3.2 as a component of SUSE Linux Enterprise Server 11 SP4 libicu-4.0-47.3.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libicu-32bit-4.0-47.3.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libicu-doc-4.0-47.3.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 libicu-x86-4.0-47.3.2 as a component of SUSE Linux Enterprise Server for SAP Applications 11 SP4 icu-4.0-47.3.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libicu-32bit-4.0-47.3.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libicu-devel-4.0-47.3.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 libicu-devel-32bit-4.0-47.3.2 as a component of SUSE Linux Enterprise Software Development Kit 11 SP4 Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call. CVE-2014-9911 SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.3.2 SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.3.2 SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.3.2 SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.3.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.3.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.3.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.3.2 SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.3.2 SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.3.2 SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.3.2 SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.3.2 SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.3.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement//suse-ru-20180028-1/ https://www.suse.com/security/cve/CVE-2014-9911.html CVE-2014-9911 https://bugzilla.suse.com/1012224 SUSE Bug 1012224 https://bugzilla.suse.com/1012232 SUSE Bug 1012232