OVAL Reference oval:org.opensuse.security:def:56775

Oval Definition:

oval:org.opensuse.security:def:56775

Revision Date:	2020-12-01	Version:	1
Title:	Security update for icu (Moderate)
Description:	icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a '\0' character at the end of a certain temporary array, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument (bsc#990636). - CVE-2017-7868: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (bsc#1034674) - CVE-2017-7867: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue (bnc#1067203) - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC (bnc#1072193) - CVE-2017-15422: An integer overflow in icu during persian calendar date processing could lead to incorrect years shown (bnc#1077999)
Family:	unix	Class:	patch
Status:		Reference(s):	1005522 1005523 1005524 1005525 1005526 1005527 1005528 1005879 1007728 1018832 1034674 1034678 1037559 1067203 1072193 1077999 1087932 1097973 1097974 1109160 1114674 1118367 1118368 1118894 1132665 1137597 1140747 1154212 1158442 1166238 1171740 1174910 1174913 929629 979823 988488 988651 990636 999646 CVE-2011-1097 CVE-2014-2855 CVE-2014-3065 CVE-2014-3566 CVE-2014-4288 CVE-2014-6456 CVE-2014-6457 CVE-2014-6458 CVE-2014-6466 CVE-2014-6476 CVE-2014-6492 CVE-2014-6493 CVE-2014-6502 CVE-2014-6503 CVE-2014-6506 CVE-2014-6511 CVE-2014-6512 CVE-2014-6513 CVE-2014-6515 CVE-2014-6527 CVE-2014-6531 CVE-2014-6532 CVE-2014-6558 CVE-2014-8146 CVE-2014-8147 CVE-2014-8242 CVE-2014-8891 CVE-2014-8892 CVE-2014-9512 CVE-2015-0138 CVE-2015-0192 CVE-2015-0204 CVE-2015-0458 CVE-2015-0459 CVE-2015-0469 CVE-2015-0477 CVE-2015-0478 CVE-2015-0480 CVE-2015-0488 CVE-2015-0491 CVE-2015-1914 CVE-2015-1931 CVE-2015-2590 CVE-2015-2601 CVE-2015-2613 CVE-2015-2619 CVE-2015-2621 CVE-2015-2625 CVE-2015-2632 CVE-2015-2637 CVE-2015-2638 CVE-2015-2664 CVE-2015-2808 CVE-2015-4000 CVE-2015-4729 CVE-2015-4731 CVE-2015-4732 CVE-2015-4733 CVE-2015-4734 CVE-2015-4748 CVE-2015-4749 CVE-2015-4760 CVE-2015-4803 CVE-2015-4805 CVE-2015-4806 CVE-2015-4810 CVE-2015-4835 CVE-2015-4840 CVE-2015-4842 CVE-2015-4843 CVE-2015-4844 CVE-2015-4860 CVE-2015-4871 CVE-2015-4872 CVE-2015-4882 CVE-2015-4883 CVE-2015-4893 CVE-2015-4902 CVE-2015-4903 CVE-2015-4911 CVE-2015-5006 CVE-2015-5041 CVE-2015-7575 CVE-2015-7981 CVE-2015-8126 CVE-2015-8472 CVE-2015-8540 CVE-2016-0264 CVE-2016-0363 CVE-2016-0376 CVE-2016-0402 CVE-2016-0448 CVE-2016-0466 CVE-2016-0483 CVE-2016-0494 CVE-2016-0686 CVE-2016-0687 CVE-2016-2335 CVE-2016-3422 CVE-2016-3426 CVE-2016-3427 CVE-2016-3443 CVE-2016-3449 CVE-2016-3485 CVE-2016-3511 CVE-2016-3598 CVE-2016-5180 CVE-2016-5387 CVE-2016-5542 CVE-2016-5554 CVE-2016-5556 CVE-2016-5568 CVE-2016-5573 CVE-2016-5582 CVE-2016-5597 CVE-2016-6293 CVE-2016-7444 CVE-2016-8610 CVE-2017-14952 CVE-2017-15422 CVE-2017-17484 CVE-2017-5335 CVE-2017-5336 CVE-2017-5337 CVE-2017-7867 CVE-2017-7868 CVE-2017-8779 CVE-2018-18311 CVE-2018-5741 CVE-2018-5805 CVE-2018-5806 CVE-2018-5808 CVE-2019-11477 CVE-2019-11478 CVE-2019-17631 CVE-2019-20503 CVE-2019-2933 CVE-2019-2945 CVE-2019-2958 CVE-2019-2962 CVE-2019-2964 CVE-2019-2973 CVE-2019-2975 CVE-2019-2978 CVE-2019-2981 CVE-2019-2983 CVE-2019-2988 CVE-2019-2989 CVE-2019-2992 CVE-2019-2996 CVE-2019-2999 CVE-2020-14361 CVE-2020-14362 CVE-2020-6805 CVE-2020-6806 CVE-2020-6807 CVE-2020-6811 CVE-2020-6812 CVE-2020-6814 CVE-2020-8616 CVE-2020-8617 SUSE-SU-2016:1593-1 SUSE-SU-2016:1818-1 SUSE-SU-2016:2887-1 SUSE-SU-2016:3286-1 SUSE-SU-2017:0348-1 SUSE-SU-2017:1306-1 SUSE-SU-2018:1401-1 SUSE-SU-2019:0002-1 SUSE-SU-2019:2264-1 SUSE-SU-2020:0024-1 SUSE-SU-2020:0717-1 SUSE-SU-2020:1914-1 SUSE-SU-2020:2401-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND autofs-5.1.3-lp150.5 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information gnutls-3.6.7-lp151.2.3 is installed OR gnutls-guile-3.6.7-lp151.2.3 is installed OR libgnutls-dane-devel-3.6.7-lp151.2.3 is installed OR libgnutls-dane0-3.6.7-lp151.2.3 is installed OR libgnutls-devel-3.6.7-lp151.2.3 is installed OR libgnutls-devel-32bit-3.6.7-lp151.2.3 is installed OR libgnutls30-3.6.7-lp151.2.3 is installed OR libgnutls30-32bit-3.6.7-lp151.2.3 is installed OR libgnutlsxx-devel-3.6.7-lp151.2.3 is installed OR libgnutlsxx28-3.6.7-lp151.2.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information icu-52.1-8.7 is installed OR libicu52_1-52.1-8.7 is installed OR libicu52_1-32bit-52.1-8.7 is installed OR libicu52_1-data-52.1-8.7 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information apache2-2.4.16-7 is installed OR apache2-doc-2.4.16-7 is installed OR apache2-example-pages-2.4.16-7 is installed OR apache2-prefork-2.4.16-7 is installed OR apache2-utils-2.4.16-7 is installed OR apache2-worker-2.4.16-7 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_74-60_64_107-default-8-2 is installed OR kgraft-patch-3_12_74-60_64_107-xen-8-2 is installed OR kgraft-patch-SLE12-SP1_Update_32-8-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information java-1_7_1-ibm-1.7.1_sr3.50-28 is installed OR java-1_7_1-ibm-alsa-1.7.1_sr3.50-28 is installed OR java-1_7_1-ibm-jdbc-1.7.1_sr3.50-28 is installed OR java-1_7_1-ibm-plugin-1.7.1_sr3.50-28 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information MozillaFirefox-52.8.1esr-109.34 is installed OR MozillaFirefox-devel-52.8.1esr-109.34 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kgraft-patch-4_4_103-92_53-default-11-2 is installed OR kgraft-patch-SLE12-SP2_Update_16-11-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_90-92_45-default-11-2 is installed OR kgraft-patch-SLE12-SP2_Update_14-11-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information ibus-chewing-1.4.14-4 is installed OR ibus-pinyin-1.5.0-11 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND squid-3.5.21-26.29 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information ghostscript-9.52-23.34 is installed OR ghostscript-x11-9.52-23.34 is installed OR libspectre-0.2.7-12.10 is installed OR libspectre1-0.2.7-12.10 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information kgraft-patch-4_4_180-94_97-default-8-2 is installed OR kgraft-patch-SLE12-SP3_Update_26-8-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information libjavascriptcoregtk-4_0-18-2.20.3-2.23 is installed OR libwebkit2gtk-4_0-37-2.20.3-2.23 is installed OR typelib-1_0-JavaScriptCore-4_0-2.20.3-2.23 is installed OR typelib-1_0-WebKit2-4_0-2.20.3-2.23 is installed OR webkit2gtk-4_0-injected-bundles-2.20.3-2.23 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information perl-5.18.2-12.20 is installed OR perl-32bit-5.18.2-12.20 is installed OR perl-base-5.18.2-12.20 is installed OR perl-doc-5.18.2-12.20 is installed
Definition Synopsis
SUSE OpenStack Cloud 8 is installed AND Package Information curl-7.37.0-37.43 is installed OR libcurl4-7.37.0-37.43 is installed OR libcurl4-32bit-7.37.0-37.43 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information tomcat-8.0.53-29.22 is installed OR tomcat-admin-webapps-8.0.53-29.22 is installed OR tomcat-docs-webapp-8.0.53-29.22 is installed OR tomcat-el-3_0-api-8.0.53-29.22 is installed OR tomcat-javadoc-8.0.53-29.22 is installed OR tomcat-jsp-2_3-api-8.0.53-29.22 is installed OR tomcat-lib-8.0.53-29.22 is installed OR tomcat-servlet-3_1-api-8.0.53-29.22 is installed OR tomcat-webapps-8.0.53-29.22 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-3.3 is installed OR crowbar-6.0+git.1561125496.b7508480-3.6 is installed OR crowbar-core-6.0+git.1562154525.5e2983308-3.3 is installed OR crowbar-core-branding-upstream-6.0+git.1562154525.5e2983308-3.3 is installed OR crowbar-devel-6.0+git.1561125496.b7508480-3.6 is installed OR crowbar-ha-6.0+git.1560951093.4af1ee5-3.3 is installed OR crowbar-openstack-6.0+git.1562153583.4735fcf34-3.3 is installed OR documentation-suse-openstack-cloud-crowbar-deployment-9.20190621-3.3 is installed OR documentation-suse-openstack-cloud-crowbar-operations-9.20190621-3.3 is installed OR documentation-suse-openstack-cloud-supplement-9.20190621-3.3 is installed OR galera-python-clustercheck-0.0+git.1562242499.36b8b64-6.3 is installed OR grafana-5.3.3-3.3 is installed OR grafana-monasca-ui-drilldown-1.14.1~dev7-3.3 is installed OR openstack-ceilometer-11.0.2~dev13-3.3 is installed OR openstack-ceilometer-agent-central-11.0.2~dev13-3.3 is installed OR openstack-ceilometer-agent-compute-11.0.2~dev13-3.3 is installed OR openstack-ceilometer-agent-ipmi-11.0.2~dev13-3.3 is installed OR openstack-ceilometer-agent-notification-11.0.2~dev13-3.3 is installed OR openstack-ceilometer-polling-11.0.2~dev13-3.3 is installed OR openstack-cinder-13.0.6~dev12-3.3 is installed OR openstack-cinder-api-13.0.6~dev12-3.3 is installed OR openstack-cinder-backup-13.0.6~dev12-3.3 is installed OR openstack-cinder-scheduler-13.0.6~dev12-3.3 is installed OR openstack-cinder-volume-13.0.6~dev12-3.3 is installed OR openstack-dashboard-14.0.4~dev4-3.3 is installed OR openstack-designate-7.0.1~dev20-3.3 is installed OR openstack-designate-agent-7.0.1~dev20-3.3 is installed OR openstack-designate-api-7.0.1~dev20-3.3 is installed OR openstack-designate-central-7.0.1~dev20-3.3 is installed OR openstack-designate-producer-7.0.1~dev20-3.3 is installed OR openstack-designate-sink-7.0.1~dev20-3.3 is installed OR openstack-designate-worker-7.0.1~dev20-3.3 is installed OR openstack-heat-11.0.3~dev5-3.3 is installed OR openstack-heat-api-11.0.3~dev5-3.3 is installed OR openstack-heat-api-cfn-11.0.3~dev5-3.3 is installed OR openstack-heat-engine-11.0.3~dev5-3.3 is installed OR openstack-heat-plugin-heat_docker-11.0.3~dev5-3.3 is installed OR openstack-horizon-plugin-designate-ui-7.0.1~dev7-3.3 is installed OR openstack-horizon-plugin-heat-ui-1.4.1~dev4-4.3 is installed OR openstack-horizon-plugin-magnum-ui-5.0.2~dev9-3.3 is installed OR openstack-horizon-plugin-monasca-ui-1.14.1~dev7-3.3 is installed OR openstack-ironic-11.1.4~dev2-3.3 is installed OR openstack-ironic-api-11.1.4~dev2-3.3 is installed OR openstack-ironic-conductor-11.1.4~dev2-3.3 is installed OR openstack-ironic-python-agent-3.3.2~dev13-3.3 is installed OR openstack-keystone-14.1.1~dev7-3.3 is installed OR openstack-magnum-7.1.1~dev24-3.3 is installed OR openstack-magnum-api-7.1.1~dev24-3.3 is installed OR openstack-magnum-conductor-7.1.1~dev24-3.3 is installed OR openstack-manila-7.3.1~dev2-4.3 is installed OR openstack-manila-api-7.3.1~dev2-4.3 is installed OR openstack-manila-data-7.3.1~dev2-4.3 is installed OR openstack-manila-scheduler-7.3.1~dev2-4.3 is installed OR openstack-manila-share-7.3.1~dev2-4.3 is installed OR openstack-monasca-agent-2.8.1~dev10-3.3 is installed OR openstack-monasca-notification-1.14.1~dev8-6.3 is installed OR openstack-neutron-13.0.4~dev89-3.3 is installed OR openstack-neutron-dhcp-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-fwaas-13.0.2~dev14-3.3 is installed OR openstack-neutron-gbp-5.0.1~dev443-3.3 is installed OR openstack-neutron-ha-tool-13.0.4~dev89-3.3 is installed OR openstack-neutron-l3-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-lbaas-13.0.1~dev12-3.3 is installed OR openstack-neutron-lbaas-agent-13.0.1~dev12-3.3 is installed OR openstack-neutron-linuxbridge-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-macvtap-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-metadata-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-metering-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-openvswitch-agent-13.0.4~dev89-3.3 is installed OR openstack-neutron-server-13.0.4~dev89-3.3 is installed OR openstack-neutron-vpnaas-13.0.2~dev4-3.3 is installed OR openstack-neutron-vyatta-agent-13.0.2~dev4-3.3 is installed OR openstack-nova-18.2.2~dev9-3.3 is installed OR openstack-nova-api-18.2.2~dev9-3.3 is installed OR openstack-nova-cells-18.2.2~dev9-3.3 is installed OR openstack-nova-compute-18.2.2~dev9-3.3 is installed OR openstack-nova-conductor-18.2.2~dev9-3.3 is installed OR openstack-nova-console-18.2.2~dev9-3.3 is installed OR openstack-nova-novncproxy-18.2.2~dev9-3.3 is installed OR openstack-nova-placement-api-18.2.2~dev9-3.3 is installed OR openstack-nova-scheduler-18.2.2~dev9-3.3 is installed OR openstack-nova-serialproxy-18.2.2~dev9-3.3 is installed OR openstack-nova-vncproxy-18.2.2~dev9-3.3 is installed OR openstack-octavia-3.1.2~dev2-3.3 is installed OR openstack-octavia-amphora-agent-3.1.2~dev2-3.3 is installed OR openstack-octavia-api-3.1.2~dev2-3.3 is installed OR openstack-octavia-health-manager-3.1.2~dev2-3.3 is installed OR openstack-octavia-housekeeping-3.1.2~dev2-3.3 is installed OR openstack-octavia-worker-3.1.2~dev2-3.3 is installed OR python-barbican-tempest-plugin-0.1.0-4.3 is installed OR python-ceilometer-11.0.2~dev13-3.3 is installed OR python-cinder-13.0.6~dev12-3.3 is installed OR python-cinderclient-4.0.2-3.3 is installed OR python-cinderclient-doc-4.0.2-3.3 is installed OR python-designate-7.0.1~dev20-3.3 is installed OR python-heat-11.0.3~dev5-3.3 is installed OR python-horizon-14.0.4~dev4-3.3 is installed OR python-horizon-plugin-designate-ui-7.0.1~dev7-3.3 is installed OR python-horizon-plugin-heat-ui-1.4.1~dev4-4.3 is installed OR python-horizon-plugin-magnum-ui-5.0.2~dev9-3.3 is installed OR python-horizon-plugin-monasca-ui-1.14.1~dev7-3.3 is installed OR python-ironic-11.1.4~dev2-3.3 is installed OR python-ironicclient-2.5.2-4.3 is installed OR python-ironicclient-doc-2.5.2-4.3 is installed OR python-keystone-14.1.1~dev7-3.3 is installed OR python-magnum-7.1.1~dev24-3.3 is installed OR python-manila-7.3.1~dev2-4.3 is installed OR python-manila-tempest-plugin-0.1.0-3.3 is installed OR python-manilaclient-1.24.2-3.3 is installed OR python-manilaclient-doc-1.24.2-3.3 is installed OR python-monasca-agent-2.8.1~dev10-3.3 is installed OR python-monasca-notification-1.14.1~dev8-6.3 is installed OR python-neutron-13.0.4~dev89-3.3 is installed OR python-neutron-fwaas-13.0.2~dev14-3.3 is installed OR python-neutron-gbp-5.0.1~dev443-3.3 is installed OR python-neutron-lbaas-13.0.1~dev12-3.3 is installed OR python-neutron-vpnaas-13.0.2~dev4-3.3 is installed OR python-nova-18.2.2~dev9-3.3 is installed OR python-octavia-3.1.2~dev2-3.3 is installed OR python-openstack_auth-14.0.4~dev4-3.3 is installed OR python-os-brick-2.5.7-3.3 is installed OR python-os-brick-common-2.5.7-3.3 is installed OR python-oslo.db-4.40.2-3.3 is installed OR python-proliantutils-2.8.4-1 is installed OR supportutils-plugin-suse-openstack-cloud-9.0.1562324636.e7046a3-1 is installed

BACK