ALAS-2012-033


Amazon Linux AMI Security Advisory: ALAS-2012-33
Advisory Release Date: 2014-09-14 15:10 Pacific
Severity: Medium

Issue Overview:

A stack-based buffer overflow flaw was found in the way ICU performed variant canonicalization for some locale identifiers. If a specially-crafted locale representation was opened in an application linked against ICU, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-4599 )


Affected Packages:

icu


Issue Correction:
Run yum update icu to update your system.

New Packages:
i686:
    libicu-4.2.1-9.9.amzn1.i686
    icu-4.2.1-9.9.amzn1.i686
    libicu-devel-4.2.1-9.9.amzn1.i686
    icu-debuginfo-4.2.1-9.9.amzn1.i686

noarch:
    libicu-doc-4.2.1-9.9.amzn1.noarch

src:
    icu-4.2.1-9.9.amzn1.src

x86_64:
    icu-debuginfo-4.2.1-9.9.amzn1.x86_64
    libicu-4.2.1-9.9.amzn1.x86_64
    libicu-devel-4.2.1-9.9.amzn1.x86_64
    icu-4.2.1-9.9.amzn1.x86_64