Security update for icu SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2020:0459-1 Final 1 1 2020-04-05T16:18:35Z current 2020-04-05T16:18:35Z 2020-04-05T16:18:35Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for icu This update for icu fixes the following issues: - CVE-2020-10531: Fixed a potential integer overflow in UnicodeString:doAppend (bsc#1166844). This update was imported from the SUSE:SLE-15:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2020-459 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WVDVOYJ5IRTMFBUIFQNNT57NKN3MNRN4/ E-Mail link for openSUSE-SU-2020:0459-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1166844 SUSE Bug 1166844 https://www.suse.com/security/cve/CVE-2020-10531/ SUSE CVE CVE-2020-10531 page openSUSE Leap 15.1 icu-60.2-lp151.3.11.1 libicu-devel-60.2-lp151.3.11.1 libicu-devel-32bit-60.2-lp151.3.11.1 libicu-doc-60.2-lp151.3.11.1 libicu60_2-60.2-lp151.3.11.1 libicu60_2-32bit-60.2-lp151.3.11.1 libicu60_2-bedata-60.2-lp151.3.11.1 libicu60_2-ledata-60.2-lp151.3.11.1 icu-60.2-lp151.3.11.1 as a component of openSUSE Leap 15.1 libicu-devel-60.2-lp151.3.11.1 as a component of openSUSE Leap 15.1 libicu-devel-32bit-60.2-lp151.3.11.1 as a component of openSUSE Leap 15.1 libicu-doc-60.2-lp151.3.11.1 as a component of openSUSE Leap 15.1 libicu60_2-60.2-lp151.3.11.1 as a component of openSUSE Leap 15.1 libicu60_2-32bit-60.2-lp151.3.11.1 as a component of openSUSE Leap 15.1 libicu60_2-bedata-60.2-lp151.3.11.1 as a component of openSUSE Leap 15.1 libicu60_2-ledata-60.2-lp151.3.11.1 as a component of openSUSE Leap 15.1 An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp. CVE-2020-10531 openSUSE Leap 15.1:icu-60.2-lp151.3.11.1 openSUSE Leap 15.1:libicu-devel-32bit-60.2-lp151.3.11.1 openSUSE Leap 15.1:libicu-devel-60.2-lp151.3.11.1 openSUSE Leap 15.1:libicu-doc-60.2-lp151.3.11.1 openSUSE Leap 15.1:libicu60_2-32bit-60.2-lp151.3.11.1 openSUSE Leap 15.1:libicu60_2-60.2-lp151.3.11.1 openSUSE Leap 15.1:libicu60_2-bedata-60.2-lp151.3.11.1 openSUSE Leap 15.1:libicu60_2-ledata-60.2-lp151.3.11.1 important 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WVDVOYJ5IRTMFBUIFQNNT57NKN3MNRN4/ https://www.suse.com/security/cve/CVE-2020-10531.html CVE-2020-10531 https://bugzilla.suse.com/1166844 SUSE Bug 1166844 https://bugzilla.suse.com/1175778 SUSE Bug 1175778