Vulnerability-Lookup

CVE-2017-14952 (GCVE-0-2017-14952)

Vulnerability from cvelistv5 – Published: 2017-10-16 16:00 – Updated: 2024-08-05 19:42

Summary

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.

Severity

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Assigner

mitre

References

3 references

URL	Tags
http://www.sourcebrella.com/blog/double-free-vuln…	x_refsource_MISC
http://bugs.icu-project.org/trac/changeset/40324/…	x_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC

Date Public

2017-08-09 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:42:22.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-08-09T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \"redundant UVector entry clean up function call\" issue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-04-23T19:08:15.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14952",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \"redundant UVector entry clean up function call\" issue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/",
              "refsource": "MISC",
              "url": "http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/"
            },
            {
              "name": "http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp",
              "refsource": "CONFIRM",
              "url": "http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-14952",
    "datePublished": "2017-10-16T16:00:00.000Z",
    "dateReserved": "2017-09-29T00:00:00.000Z",
    "dateUpdated": "2024-08-05T19:42:22.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2017-14952",
      "date": "2026-06-22",
      "epss": "0.05096",
      "percentile": "0.91262"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\\\\/c\\\\+\\\\+:*:*\", \"versionEndIncluding\": \"59.1\", \"matchCriteriaId\": \"D014CA1A-E812-43A8-BA9B-4CEBD3D57109\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \\\"redundant UVector entry clean up function call\\\" issue.\"}, {\"lang\": \"es\", \"value\": \"Doble liberaci\\u00f3n (double free) en i18n/zonemeta.cpp en International Components for Unicode (ICU) para C/C++ hasta la versi\\u00f3n 59.1 permite que atacantes remotos ejecuten c\\u00f3digo arbitrario mediante una cadena manipulada. Esto tambi\\u00e9n se conoce como \\\"redundant UVector entry clean up function call\\\".\"}]",
      "id": "CVE-2017-14952",
      "lastModified": "2024-11-21T03:13:49.693",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-10-16T16:29:00.887",
      "references": "[{\"url\": \"http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\"]}, {\"url\": \"http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-415\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-14952\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-10-16T16:29:00.887\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \\\"redundant UVector entry clean up function call\\\" issue.\"},{\"lang\":\"es\",\"value\":\"Doble liberaci\u00f3n (double free) en i18n/zonemeta.cpp en International Components for Unicode (ICU) para C/C++ hasta la versi\u00f3n 59.1 permite que atacantes remotos ejecuten c\u00f3digo arbitrario mediante una cadena manipulada. Esto tambi\u00e9n se conoce como \\\"redundant UVector entry clean up function call\\\".\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-415\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\\\\/c\\\\+\\\\+:*:*\",\"versionEndIncluding\":\"59.1\",\"matchCriteriaId\":\"D014CA1A-E812-43A8-BA9B-4CEBD3D57109\"}]}]}],\"references\":[{\"url\":\"http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

SUSE-SU-2018:1401-2

Vulnerability from csaf_suse - Published: 2018-10-18 12:43 - Updated: 2018-10-18 12:43

Summary

Security update for icu

Severity

Moderate

Notes

Title of the patch: Security update for icu

Description of the patch: icu was updated to fix two security issues. These security issues were fixed: - CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) used an integer data type that is inconsistent with a header file, which allowed remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) did not properly track directionally isolated pieces of text, which allowed remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text (bsc#929629). - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) for C/C++ did not ensure that there is a '\0' character at the end of a certain temporary array, which allowed remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument (bsc#990636). - CVE-2017-7868: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (bsc#1034674) - CVE-2017-7867: International Components for Unicode (ICU) for C/C++ 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue (bnc#1067203) - CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC (bnc#1072193) - CVE-2017-15422: An integer overflow in icu during persian calendar date processing could lead to incorrect years shown (bnc#1077999)

Patchnames: SUSE-SLE-SERVER-12-SP2-BCL-2018-979

CVE-2014-8146

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2014-8147

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2016-6293

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-14952

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-15422

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17484

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-7867

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7868

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 4 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64	—	Vendor Fix

Threats

Impact important

References

54 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1034674	self
https://bugzilla.suse.com/1034678	self
https://bugzilla.suse.com/1067203	self
https://bugzilla.suse.com/1072193	self
https://bugzilla.suse.com/1077999	self
https://bugzilla.suse.com/1087932	self
https://bugzilla.suse.com/929629	self
https://bugzilla.suse.com/990636	self
https://www.suse.com/security/cve/CVE-2014-8146/	self
https://www.suse.com/security/cve/CVE-2014-8147/	self
https://www.suse.com/security/cve/CVE-2016-6293/	self
https://www.suse.com/security/cve/CVE-2017-14952/	self
https://www.suse.com/security/cve/CVE-2017-15422/	self
https://www.suse.com/security/cve/CVE-2017-17484/	self
https://www.suse.com/security/cve/CVE-2017-7867/	self
https://www.suse.com/security/cve/CVE-2017-7868/	self
https://www.suse.com/security/cve/CVE-2014-8146	external
https://bugzilla.suse.com/1066493	external
https://bugzilla.suse.com/910805	external
https://bugzilla.suse.com/927951	external
https://bugzilla.suse.com/929629	external
https://bugzilla.suse.com/959178	external
https://www.suse.com/security/cve/CVE-2014-8147	external
https://bugzilla.suse.com/1066493	external
https://bugzilla.suse.com/1079317	external
https://bugzilla.suse.com/910805	external
https://bugzilla.suse.com/910806	external
https://bugzilla.suse.com/927951	external
https://bugzilla.suse.com/929629	external
https://bugzilla.suse.com/959178	external
https://www.suse.com/security/cve/CVE-2016-6293	external
https://bugzilla.suse.com/1035111	external
https://bugzilla.suse.com/1123121	external
https://bugzilla.suse.com/990636	external
https://www.suse.com/security/cve/CVE-2017-14952	external
https://bugzilla.suse.com/1067203	external
https://bugzilla.suse.com/1123121	external
https://www.suse.com/security/cve/CVE-2017-15422	external
https://bugzilla.suse.com/1071691	external
https://bugzilla.suse.com/1077999	external
https://bugzilla.suse.com/1123121	external
https://www.suse.com/security/cve/CVE-2017-17484	external
https://bugzilla.suse.com/1072193	external
https://bugzilla.suse.com/1123121	external
https://www.suse.com/security/cve/CVE-2017-7867	external
https://bugzilla.suse.com/1034678	external
https://bugzilla.suse.com/1123121	external
https://www.suse.com/security/cve/CVE-2017-7868	external
https://bugzilla.suse.com/1034674	external
https://bugzilla.suse.com/1123121	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for icu",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "icu was updated to fix two security issues.\n\nThese security issues were fixed:\n- CVE-2014-8147: The resolveImplicitLevels function in common/ubidi.c\n  in the Unicode Bidirectional Algorithm implementation in ICU4C in\n  International Components for Unicode (ICU) used an integer data type\n  that is inconsistent with a header file, which allowed remote attackers\n  to cause a denial of service (incorrect malloc followed by invalid free)\n  or possibly execute arbitrary code via crafted text (bsc#929629).\n- CVE-2014-8146: The resolveImplicitLevels function in common/ubidi.c\n  in the Unicode Bidirectional Algorithm implementation in ICU4C in\n  International Components for Unicode (ICU) did not properly track\n  directionally isolated pieces of text, which allowed remote attackers\n  to cause a denial of service (heap-based buffer overflow) or possibly\n  execute arbitrary code via crafted text (bsc#929629).\n- CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in\n  common/uloc.cpp in International Components for Unicode (ICU) for C/C++\n  did not ensure that there is a \u0027\\0\u0027 character at the end of a certain\n  temporary array, which allowed remote attackers to cause a denial of\n  service (out-of-bounds read) or possibly have unspecified other impact\n  via a call with a long httpAcceptLanguage argument (bsc#990636).\n- CVE-2017-7868: International Components for Unicode (ICU) for C/C++\n  2017-02-13 has an out-of-bounds write caused by a heap-based buffer\n  overflow related to the utf8TextAccess function in common/utext.cpp and\n  the utext_moveIndex32* function (bsc#1034674)\n- CVE-2017-7867: International Components for Unicode (ICU) for C/C++\n  2017-02-13 has an out-of-bounds write caused by a heap-based buffer\n  overflow related to the utf8TextAccess function in common/utext.cpp and\n  the utext_setNativeIndex* function (bsc#1034678)\n- CVE-2017-14952: Double free in i18n/zonemeta.cpp in International\n  Components for Unicode (ICU) for C/C++ allowed remote attackers to\n  execute arbitrary code via a crafted string, aka a \u0027redundant UVector\n  entry clean up function call\u0027 issue (bnc#1067203)\n- CVE-2017-17484: The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp\n  in International Components for Unicode (ICU) for C/C++ mishandled\n  ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allowed remote\n  attackers to cause a denial of service (stack-based buffer overflow\n  and application crash) or possibly have unspecified other impact via a\n  crafted string, as demonstrated by ZNC  (bnc#1072193)\n- CVE-2017-15422: An integer overflow in icu during persian calendar\n  date processing could lead to incorrect years shown (bnc#1077999)\n\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLE-SERVER-12-SP2-BCL-2018-979",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1401-2.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:1401-2",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181401-2/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:1401-2",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-October/004696.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1034674",
        "url": "https://bugzilla.suse.com/1034674"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1034678",
        "url": "https://bugzilla.suse.com/1034678"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1067203",
        "url": "https://bugzilla.suse.com/1067203"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1072193",
        "url": "https://bugzilla.suse.com/1072193"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1077999",
        "url": "https://bugzilla.suse.com/1077999"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1087932",
        "url": "https://bugzilla.suse.com/1087932"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 929629",
        "url": "https://bugzilla.suse.com/929629"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 990636",
        "url": "https://bugzilla.suse.com/990636"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8146 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8146/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2014-8147 page",
        "url": "https://www.suse.com/security/cve/CVE-2014-8147/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-6293 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-6293/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-14952 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-14952/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15422 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15422/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17484 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17484/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7867 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7867/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7868 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7868/"
      }
    ],
    "title": "Security update for icu",
    "tracking": {
      "current_release_date": "2018-10-18T12:43:53Z",
      "generator": {
        "date": "2018-10-18T12:43:53Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:1401-2",
      "initial_release_date": "2018-10-18T12:43:53Z",
      "revision_history": [
        {
          "date": "2018-10-18T12:43:53Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libicu-doc-52.1-8.7.1.x86_64",
                "product": {
                  "name": "libicu-doc-52.1-8.7.1.x86_64",
                  "product_id": "libicu-doc-52.1-8.7.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu52_1-52.1-8.7.1.x86_64",
                "product": {
                  "name": "libicu52_1-52.1-8.7.1.x86_64",
                  "product_id": "libicu52_1-52.1-8.7.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu52_1-32bit-52.1-8.7.1.x86_64",
                "product": {
                  "name": "libicu52_1-32bit-52.1-8.7.1.x86_64",
                  "product_id": "libicu52_1-32bit-52.1-8.7.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu52_1-data-52.1-8.7.1.x86_64",
                "product": {
                  "name": "libicu52_1-data-52.1-8.7.1.x86_64",
                  "product_id": "libicu52_1-data-52.1-8.7.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                "product": {
                  "name": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles-bcl:12:sp2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-doc-52.1-8.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64"
        },
        "product_reference": "libicu-doc-52.1-8.7.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu52_1-52.1-8.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64"
        },
        "product_reference": "libicu52_1-52.1-8.7.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu52_1-32bit-52.1-8.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64"
        },
        "product_reference": "libicu52_1-32bit-52.1-8.7.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu52_1-data-52.1-8.7.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
          "product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
        },
        "product_reference": "libicu52_1-data-52.1-8.7.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-8146",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8146"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8146",
          "url": "https://www.suse.com/security/cve/CVE-2014-8146"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1066493 for CVE-2014-8146",
          "url": "https://bugzilla.suse.com/1066493"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 910805 for CVE-2014-8146",
          "url": "https://bugzilla.suse.com/910805"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 927951 for CVE-2014-8146",
          "url": "https://bugzilla.suse.com/927951"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 929629 for CVE-2014-8146",
          "url": "https://bugzilla.suse.com/929629"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 959178 for CVE-2014-8146",
          "url": "https://bugzilla.suse.com/959178"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-18T12:43:53Z",
          "details": "important"
        }
      ],
      "title": "CVE-2014-8146"
    },
    {
      "cve": "CVE-2014-8147",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2014-8147"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2014-8147",
          "url": "https://www.suse.com/security/cve/CVE-2014-8147"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1066493 for CVE-2014-8147",
          "url": "https://bugzilla.suse.com/1066493"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1079317 for CVE-2014-8147",
          "url": "https://bugzilla.suse.com/1079317"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 910805 for CVE-2014-8147",
          "url": "https://bugzilla.suse.com/910805"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 910806 for CVE-2014-8147",
          "url": "https://bugzilla.suse.com/910806"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 927951 for CVE-2014-8147",
          "url": "https://bugzilla.suse.com/927951"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 929629 for CVE-2014-8147",
          "url": "https://bugzilla.suse.com/929629"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 959178 for CVE-2014-8147",
          "url": "https://bugzilla.suse.com/959178"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-18T12:43:53Z",
          "details": "important"
        }
      ],
      "title": "CVE-2014-8147"
    },
    {
      "cve": "CVE-2016-6293",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-6293"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a \u0027\\0\u0027 character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-6293",
          "url": "https://www.suse.com/security/cve/CVE-2016-6293"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1035111 for CVE-2016-6293",
          "url": "https://bugzilla.suse.com/1035111"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123121 for CVE-2016-6293",
          "url": "https://bugzilla.suse.com/1123121"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990636 for CVE-2016-6293",
          "url": "https://bugzilla.suse.com/990636"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-18T12:43:53Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-6293"
    },
    {
      "cve": "CVE-2017-14952",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-14952"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \"redundant UVector entry clean up function call\" issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-14952",
          "url": "https://www.suse.com/security/cve/CVE-2017-14952"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1067203 for CVE-2017-14952",
          "url": "https://bugzilla.suse.com/1067203"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123121 for CVE-2017-14952",
          "url": "https://bugzilla.suse.com/1123121"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-18T12:43:53Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-14952"
    },
    {
      "cve": "CVE-2017-15422",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15422"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15422",
          "url": "https://www.suse.com/security/cve/CVE-2017-15422"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1071691 for CVE-2017-15422",
          "url": "https://bugzilla.suse.com/1071691"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077999 for CVE-2017-15422",
          "url": "https://bugzilla.suse.com/1077999"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123121 for CVE-2017-15422",
          "url": "https://bugzilla.suse.com/1123121"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-18T12:43:53Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15422"
    },
    {
      "cve": "CVE-2017-17484",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17484"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17484",
          "url": "https://www.suse.com/security/cve/CVE-2017-17484"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072193 for CVE-2017-17484",
          "url": "https://bugzilla.suse.com/1072193"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123121 for CVE-2017-17484",
          "url": "https://bugzilla.suse.com/1123121"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-18T12:43:53Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17484"
    },
    {
      "cve": "CVE-2017-7867",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7867"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7867",
          "url": "https://www.suse.com/security/cve/CVE-2017-7867"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034678 for CVE-2017-7867",
          "url": "https://bugzilla.suse.com/1034678"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123121 for CVE-2017-7867",
          "url": "https://bugzilla.suse.com/1123121"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-18T12:43:53Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7867"
    },
    {
      "cve": "CVE-2017-7868",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7868"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
          "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7868",
          "url": "https://www.suse.com/security/cve/CVE-2017-7868"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034674 for CVE-2017-7868",
          "url": "https://bugzilla.suse.com/1034674"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123121 for CVE-2017-7868",
          "url": "https://bugzilla.suse.com/1123121"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu-doc-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-32bit-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-52.1-8.7.1.x86_64",
            "SUSE Linux Enterprise Server 12 SP2-BCL:libicu52_1-data-52.1-8.7.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-10-18T12:43:53Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7868"
    }
  ]
}

SUSE-SU-2018:1602-1

Vulnerability from csaf_suse - Published: 2018-06-08 09:39 - Updated: 2018-06-08 09:39

Summary

Security update for icu

Severity

Important

Notes

Title of the patch: Security update for icu

Description of the patch: This update for icu fixes the following issues: - CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp did not ensure that there is a '\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. (bsc#990636) - CVE-2017-7868: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. (bsc#1034674) - CVE-2017-7867: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. (bsc#1034678) - CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed remote attackers to execute arbitrary code via a crafted string, aka a 'redundant UVector entry clean up function call' issue. (bsc#1067203) - CVE-2017-17484:The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. (bsc#1072193) - CVE-2017-15422: An integer overflow in persian calendar calculation was fixed, which could show wrong years. (bsc#1077999)

Patchnames: sdksp4-icu-13646,slessp4-icu-13646

CVE-2016-6293

9.8 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 39 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-14952

5.3 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Affected products

Recommended 39 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-15422

6.5 (Medium)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Recommended 39 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-17484

7.3 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected products

Recommended 39 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2017-7867

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 39 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2017-7868

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 39 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64	—	Vendor Fix

Threats

Impact important

References

36 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-security-upd…	self
https://bugzilla.suse.com/1034674	self
https://bugzilla.suse.com/1034678	self
https://bugzilla.suse.com/1067203	self
https://bugzilla.suse.com/1072193	self
https://bugzilla.suse.com/1077999	self
https://bugzilla.suse.com/990636	self
https://www.suse.com/security/cve/CVE-2016-6293/	self
https://www.suse.com/security/cve/CVE-2017-14952/	self
https://www.suse.com/security/cve/CVE-2017-15422/	self
https://www.suse.com/security/cve/CVE-2017-17484/	self
https://www.suse.com/security/cve/CVE-2017-7867/	self
https://www.suse.com/security/cve/CVE-2017-7868/	self
https://www.suse.com/security/cve/CVE-2016-6293	external
https://bugzilla.suse.com/1035111	external
https://bugzilla.suse.com/1123121	external
https://bugzilla.suse.com/990636	external
https://www.suse.com/security/cve/CVE-2017-14952	external
https://bugzilla.suse.com/1067203	external
https://bugzilla.suse.com/1123121	external
https://www.suse.com/security/cve/CVE-2017-15422	external
https://bugzilla.suse.com/1071691	external
https://bugzilla.suse.com/1077999	external
https://bugzilla.suse.com/1123121	external
https://www.suse.com/security/cve/CVE-2017-17484	external
https://bugzilla.suse.com/1072193	external
https://bugzilla.suse.com/1123121	external
https://www.suse.com/security/cve/CVE-2017-7867	external
https://bugzilla.suse.com/1034678	external
https://bugzilla.suse.com/1123121	external
https://www.suse.com/security/cve/CVE-2017-7868	external
https://bugzilla.suse.com/1034674	external
https://bugzilla.suse.com/1123121	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for icu",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for icu fixes the following issues:\n\n- CVE-2016-6293: The uloc_acceptLanguageFromHTTP function in common/uloc.cpp did not ensure that there is a \u0027\\0\u0027 character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument. (bsc#990636)\n- CVE-2017-7868: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function. (bsc#1034674)\n- CVE-2017-7867: ICU had an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function. (bsc#1034678)\n- CVE-2017-14952: Double free in i18n/zonemeta.cpp allowed remote attackers to execute arbitrary code via a crafted string, aka a \u0027redundant UVector entry clean up function call\u0027 issue. (bsc#1067203)\n- CVE-2017-17484:The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp mishandled ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC. (bsc#1072193)\n- CVE-2017-15422: An integer overflow in persian calendar calculation was fixed, which could show wrong years. (bsc#1077999)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "sdksp4-icu-13646,slessp4-icu-13646",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_1602-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2018:1602-1",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181602-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2018:1602-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2018-June/004167.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1034674",
        "url": "https://bugzilla.suse.com/1034674"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1034678",
        "url": "https://bugzilla.suse.com/1034678"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1067203",
        "url": "https://bugzilla.suse.com/1067203"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1072193",
        "url": "https://bugzilla.suse.com/1072193"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1077999",
        "url": "https://bugzilla.suse.com/1077999"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 990636",
        "url": "https://bugzilla.suse.com/990636"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2016-6293 page",
        "url": "https://www.suse.com/security/cve/CVE-2016-6293/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-14952 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-14952/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-15422 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-15422/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-17484 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-17484/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7867 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7867/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2017-7868 page",
        "url": "https://www.suse.com/security/cve/CVE-2017-7868/"
      }
    ],
    "title": "Security update for icu",
    "tracking": {
      "current_release_date": "2018-06-08T09:39:04Z",
      "generator": {
        "date": "2018-06-08T09:39:04Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2018:1602-1",
      "initial_release_date": "2018-06-08T09:39:04Z",
      "revision_history": [
        {
          "date": "2018-06-08T09:39:04Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "icu-4.0-47.6.1.i586",
                "product": {
                  "name": "icu-4.0-47.6.1.i586",
                  "product_id": "icu-4.0-47.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-devel-4.0-47.6.1.i586",
                "product": {
                  "name": "libicu-devel-4.0-47.6.1.i586",
                  "product_id": "libicu-devel-4.0-47.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-4.0-47.6.1.i586",
                "product": {
                  "name": "libicu-4.0-47.6.1.i586",
                  "product_id": "libicu-4.0-47.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-doc-4.0-47.6.1.i586",
                "product": {
                  "name": "libicu-doc-4.0-47.6.1.i586",
                  "product_id": "libicu-doc-4.0-47.6.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libicu-devel-4.0-47.6.1.ia64",
                "product": {
                  "name": "libicu-devel-4.0-47.6.1.ia64",
                  "product_id": "libicu-devel-4.0-47.6.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-4.0-47.6.1.ia64",
                "product": {
                  "name": "libicu-4.0-47.6.1.ia64",
                  "product_id": "libicu-4.0-47.6.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-doc-4.0-47.6.1.ia64",
                "product": {
                  "name": "libicu-doc-4.0-47.6.1.ia64",
                  "product_id": "libicu-doc-4.0-47.6.1.ia64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-x86-4.0-47.6.1.ia64",
                "product": {
                  "name": "libicu-x86-4.0-47.6.1.ia64",
                  "product_id": "libicu-x86-4.0-47.6.1.ia64"
                }
              }
            ],
            "category": "architecture",
            "name": "ia64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libicu-devel-4.0-47.6.1.ppc64",
                "product": {
                  "name": "libicu-devel-4.0-47.6.1.ppc64",
                  "product_id": "libicu-devel-4.0-47.6.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-devel-32bit-4.0-47.6.1.ppc64",
                "product": {
                  "name": "libicu-devel-32bit-4.0-47.6.1.ppc64",
                  "product_id": "libicu-devel-32bit-4.0-47.6.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-4.0-47.6.1.ppc64",
                "product": {
                  "name": "libicu-4.0-47.6.1.ppc64",
                  "product_id": "libicu-4.0-47.6.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-32bit-4.0-47.6.1.ppc64",
                "product": {
                  "name": "libicu-32bit-4.0-47.6.1.ppc64",
                  "product_id": "libicu-32bit-4.0-47.6.1.ppc64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-doc-4.0-47.6.1.ppc64",
                "product": {
                  "name": "libicu-doc-4.0-47.6.1.ppc64",
                  "product_id": "libicu-doc-4.0-47.6.1.ppc64"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libicu-devel-4.0-47.6.1.s390x",
                "product": {
                  "name": "libicu-devel-4.0-47.6.1.s390x",
                  "product_id": "libicu-devel-4.0-47.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-devel-32bit-4.0-47.6.1.s390x",
                "product": {
                  "name": "libicu-devel-32bit-4.0-47.6.1.s390x",
                  "product_id": "libicu-devel-32bit-4.0-47.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-4.0-47.6.1.s390x",
                "product": {
                  "name": "libicu-4.0-47.6.1.s390x",
                  "product_id": "libicu-4.0-47.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-32bit-4.0-47.6.1.s390x",
                "product": {
                  "name": "libicu-32bit-4.0-47.6.1.s390x",
                  "product_id": "libicu-32bit-4.0-47.6.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-doc-4.0-47.6.1.s390x",
                "product": {
                  "name": "libicu-doc-4.0-47.6.1.s390x",
                  "product_id": "libicu-doc-4.0-47.6.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "icu-4.0-47.6.1.x86_64",
                "product": {
                  "name": "icu-4.0-47.6.1.x86_64",
                  "product_id": "icu-4.0-47.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-32bit-4.0-47.6.1.x86_64",
                "product": {
                  "name": "libicu-32bit-4.0-47.6.1.x86_64",
                  "product_id": "libicu-32bit-4.0-47.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-devel-4.0-47.6.1.x86_64",
                "product": {
                  "name": "libicu-devel-4.0-47.6.1.x86_64",
                  "product_id": "libicu-devel-4.0-47.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-devel-32bit-4.0-47.6.1.x86_64",
                "product": {
                  "name": "libicu-devel-32bit-4.0-47.6.1.x86_64",
                  "product_id": "libicu-devel-32bit-4.0-47.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-4.0-47.6.1.x86_64",
                "product": {
                  "name": "libicu-4.0-47.6.1.x86_64",
                  "product_id": "libicu-4.0-47.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libicu-doc-4.0-47.6.1.x86_64",
                "product": {
                  "name": "libicu-doc-4.0-47.6.1.x86_64",
                  "product_id": "libicu-doc-4.0-47.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:suse:sle-sdk:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:suse_sles:11:sp4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles_sap:11:sp4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "icu-4.0-47.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586"
        },
        "product_reference": "icu-4.0-47.6.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "icu-4.0-47.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64"
        },
        "product_reference": "icu-4.0-47.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-32bit-4.0-47.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64"
        },
        "product_reference": "libicu-32bit-4.0-47.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-devel-4.0-47.6.1.i586 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586"
        },
        "product_reference": "libicu-devel-4.0-47.6.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-devel-4.0-47.6.1.ia64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64"
        },
        "product_reference": "libicu-devel-4.0-47.6.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-devel-4.0-47.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64"
        },
        "product_reference": "libicu-devel-4.0-47.6.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-devel-4.0-47.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x"
        },
        "product_reference": "libicu-devel-4.0-47.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-devel-4.0-47.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
        },
        "product_reference": "libicu-devel-4.0-47.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-devel-32bit-4.0-47.6.1.ppc64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64"
        },
        "product_reference": "libicu-devel-32bit-4.0-47.6.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-devel-32bit-4.0-47.6.1.s390x as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x"
        },
        "product_reference": "libicu-devel-32bit-4.0-47.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-devel-32bit-4.0-47.6.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 11 SP4",
          "product_id": "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64"
        },
        "product_reference": "libicu-devel-32bit-4.0-47.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-4.0-47.6.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586"
        },
        "product_reference": "libicu-4.0-47.6.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-4.0-47.6.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64"
        },
        "product_reference": "libicu-4.0-47.6.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-4.0-47.6.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64"
        },
        "product_reference": "libicu-4.0-47.6.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-4.0-47.6.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x"
        },
        "product_reference": "libicu-4.0-47.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-4.0-47.6.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64"
        },
        "product_reference": "libicu-4.0-47.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-32bit-4.0-47.6.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64"
        },
        "product_reference": "libicu-32bit-4.0-47.6.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-32bit-4.0-47.6.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x"
        },
        "product_reference": "libicu-32bit-4.0-47.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-32bit-4.0-47.6.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64"
        },
        "product_reference": "libicu-32bit-4.0-47.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-doc-4.0-47.6.1.i586 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586"
        },
        "product_reference": "libicu-doc-4.0-47.6.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-doc-4.0-47.6.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64"
        },
        "product_reference": "libicu-doc-4.0-47.6.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-doc-4.0-47.6.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64"
        },
        "product_reference": "libicu-doc-4.0-47.6.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-doc-4.0-47.6.1.s390x as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x"
        },
        "product_reference": "libicu-doc-4.0-47.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-doc-4.0-47.6.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64"
        },
        "product_reference": "libicu-doc-4.0-47.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-x86-4.0-47.6.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4",
          "product_id": "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64"
        },
        "product_reference": "libicu-x86-4.0-47.6.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-4.0-47.6.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586"
        },
        "product_reference": "libicu-4.0-47.6.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-4.0-47.6.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64"
        },
        "product_reference": "libicu-4.0-47.6.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-4.0-47.6.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64"
        },
        "product_reference": "libicu-4.0-47.6.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-4.0-47.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x"
        },
        "product_reference": "libicu-4.0-47.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-4.0-47.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64"
        },
        "product_reference": "libicu-4.0-47.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-32bit-4.0-47.6.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64"
        },
        "product_reference": "libicu-32bit-4.0-47.6.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-32bit-4.0-47.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x"
        },
        "product_reference": "libicu-32bit-4.0-47.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-32bit-4.0-47.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64"
        },
        "product_reference": "libicu-32bit-4.0-47.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-doc-4.0-47.6.1.i586 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586"
        },
        "product_reference": "libicu-doc-4.0-47.6.1.i586",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-doc-4.0-47.6.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64"
        },
        "product_reference": "libicu-doc-4.0-47.6.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-doc-4.0-47.6.1.ppc64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64"
        },
        "product_reference": "libicu-doc-4.0-47.6.1.ppc64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-doc-4.0-47.6.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x"
        },
        "product_reference": "libicu-doc-4.0-47.6.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-doc-4.0-47.6.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64"
        },
        "product_reference": "libicu-doc-4.0-47.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libicu-x86-4.0-47.6.1.ia64 as component of SUSE Linux Enterprise Server for SAP Applications 11 SP4",
          "product_id": "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64"
        },
        "product_reference": "libicu-x86-4.0-47.6.1.ia64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 11 SP4"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2016-6293",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2016-6293"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a \u0027\\0\u0027 character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2016-6293",
          "url": "https://www.suse.com/security/cve/CVE-2016-6293"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1035111 for CVE-2016-6293",
          "url": "https://bugzilla.suse.com/1035111"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123121 for CVE-2016-6293",
          "url": "https://bugzilla.suse.com/1123121"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 990636 for CVE-2016-6293",
          "url": "https://bugzilla.suse.com/990636"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-06-08T09:39:04Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2016-6293"
    },
    {
      "cve": "CVE-2017-14952",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-14952"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a \"redundant UVector entry clean up function call\" issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-14952",
          "url": "https://www.suse.com/security/cve/CVE-2017-14952"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1067203 for CVE-2017-14952",
          "url": "https://bugzilla.suse.com/1067203"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123121 for CVE-2017-14952",
          "url": "https://bugzilla.suse.com/1123121"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-06-08T09:39:04Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-14952"
    },
    {
      "cve": "CVE-2017-15422",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-15422"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Integer overflow in international date handling in International Components for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome prior to 63.0.3239.84 and other products, allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-15422",
          "url": "https://www.suse.com/security/cve/CVE-2017-15422"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1071691 for CVE-2017-15422",
          "url": "https://bugzilla.suse.com/1071691"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1077999 for CVE-2017-15422",
          "url": "https://bugzilla.suse.com/1077999"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123121 for CVE-2017-15422",
          "url": "https://bugzilla.suse.com/1123121"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-06-08T09:39:04Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-15422"
    },
    {
      "cve": "CVE-2017-17484",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-17484"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International Components for Unicode (ICU) for C/C++ through 60.1 mishandles ucnv_convertEx calls for UTF-8 to UTF-8 conversion, which allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted string, as demonstrated by ZNC.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-17484",
          "url": "https://www.suse.com/security/cve/CVE-2017-17484"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1072193 for CVE-2017-17484",
          "url": "https://bugzilla.suse.com/1072193"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123121 for CVE-2017-17484",
          "url": "https://bugzilla.suse.com/1123121"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-06-08T09:39:04Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2017-17484"
    },
    {
      "cve": "CVE-2017-7867",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7867"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7867",
          "url": "https://www.suse.com/security/cve/CVE-2017-7867"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034678 for CVE-2017-7867",
          "url": "https://bugzilla.suse.com/1034678"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123121 for CVE-2017-7867",
          "url": "https://bugzilla.suse.com/1123121"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-06-08T09:39:04Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7867"
    },
    {
      "cve": "CVE-2017-7868",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2017-7868"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
          "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2017-7868",
          "url": "https://www.suse.com/security/cve/CVE-2017-7868"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1034674 for CVE-2017-7868",
          "url": "https://bugzilla.suse.com/1034674"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1123121 for CVE-2017-7868",
          "url": "https://bugzilla.suse.com/1123121"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-doc-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Server for SAP Applications 11 SP4:libicu-x86-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:icu-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-32bit-4.0-47.6.1.x86_64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.i586",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ia64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.ppc64",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.s390x",
            "SUSE Linux Enterprise Software Development Kit 11 SP4:libicu-devel-4.0-47.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2018-06-08T09:39:04Z",
          "details": "important"
        }
      ],
      "title": "CVE-2017-7868"
    }
  ]
}

WID-SEC-W-2025-1659

Vulnerability from csaf_certbund - Published: 2017-10-16 22:00 - Updated: 2025-10-26 23:00

Summary

International Components for Unicode (icu): Schwachstelle ermöglicht Denial of Service

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Die International Components for Unicode (ICU) sind C, C++ und Java Bibliotheken zur Auswertung regulärer Ausdrücke bzw. zum Verarbeiten von Strings und Zeichen im Unicode Format.

Angriff: Ein entfernter, anonymer Angreifer kann eine Schwachstelle in International Components for Unicode (icu) ausnutzen, um einen Denial of Service Angriff durchzuführen.

Betroffene Betriebssysteme: - Android - iPhoneOS - Linux - MacOS X - Sonstiges - UNIX - Windows

CVE-2017-14952

Affected products

Known affected 6 products

Product	Identifier	Version
IBM DB2 IBM	`cpe:/a:ibm:db2:-`	—
SUSE Linux SUSE	`cpe:/o:suse:suse_linux:-`	—
Ubuntu Linux Ubuntu	`cpe:/o:canonical:ubuntu_linux:-`	—
HCL Commerce HCL	`cpe:/a:hcltechsw:commerce:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—
Open Source International Components for Unicode (icu) <60.1 Open Source / International Components for Unicode (icu)		<60.1

References

10 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
http://www.sourcebrella.com/blog/double-free-vuln…	external
http://www.ubuntu.com/usn/usn-3458-2/	external
http://www.ubuntu.com/usn/usn-3458-1/	external
https://www.suse.com/support/update/announcement/…	external
https://www.suse.com/support/update/announcement/…	external
http://linux.oracle.com/errata/ELSA-2025-11888.html	external
https://www.ibm.com/support/pages/node/7241823	external
https://support.hcl-software.com/csm?id=kb_articl…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Die International Components for Unicode (ICU) sind C, C++ und Java Bibliotheken zur Auswertung regul\u00e4rer Ausdr\u00fccke bzw. zum Verarbeiten von Strings und Zeichen im Unicode Format.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in International Components for Unicode (icu) ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Android\n- iPhoneOS\n- Linux\n- MacOS X\n- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1659 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2025-1659.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1659 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1659"
      },
      {
        "category": "external",
        "summary": "Sourcebrella Blogeintrag vom 2017-10-16",
        "url": "http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3458-2 vom 2017-10-23",
        "url": "http://www.ubuntu.com/usn/usn-3458-2/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-3458-1 vom 2017-10-23",
        "url": "http://www.ubuntu.com/usn/usn-3458-1/"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:1401-1 vom 2018-05-24",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181401-1.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2018:1602-1 vom 2018-06-08",
        "url": "https://www.suse.com/support/update/announcement/2018/suse-su-20181602-1.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-11888 vom 2025-07-29",
        "url": "http://linux.oracle.com/errata/ELSA-2025-11888.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7241823 vom 2025-08-08",
        "url": "https://www.ibm.com/support/pages/node/7241823"
      },
      {
        "category": "external",
        "summary": "HCL Security Bulletin vom 2025-10-24",
        "url": "https://support.hcl-software.com/csm?id=kb_article\u0026sysparm_article=KB0123933"
      }
    ],
    "source_lang": "en-US",
    "title": "International Components for Unicode (icu): Schwachstelle erm\u00f6glicht Denial of Service",
    "tracking": {
      "current_release_date": "2025-10-26T23:00:00.000+00:00",
      "generator": {
        "date": "2025-10-27T10:03:29.027+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1659",
      "initial_release_date": "2017-10-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2017-10-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2017-10-16T22:00:00.000+00:00",
          "number": "2",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2017-10-23T22:00:00.000+00:00",
          "number": "3",
          "summary": "New remediations available"
        },
        {
          "date": "2017-11-08T23:00:00.000+00:00",
          "number": "4",
          "summary": "Added references"
        },
        {
          "date": "2018-06-10T22:00:00.000+00:00",
          "number": "5",
          "summary": "New remediations available"
        },
        {
          "date": "2025-07-28T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2025-08-07T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2025-10-26T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von HCL aufgenommen"
        }
      ],
      "status": "final",
      "version": "8"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HCL Commerce",
            "product": {
              "name": "HCL Commerce",
              "product_id": "T019294",
              "product_identification_helper": {
                "cpe": "cpe:/a:hcltechsw:commerce:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HCL"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IBM DB2",
            "product": {
              "name": "IBM DB2",
              "product_id": "T045745",
              "product_identification_helper": {
                "cpe": "cpe:/a:ibm:db2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c60.1",
                "product": {
                  "name": "Open Source International Components for Unicode (icu) \u003c60.1",
                  "product_id": "T010957"
                }
              },
              {
                "category": "product_version",
                "name": "60.1",
                "product": {
                  "name": "Open Source International Components for Unicode (icu) 60.1",
                  "product_id": "T010957-fixed",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:icu_project:international_components_for_unicode:60.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "International Components for Unicode (icu)"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2017-14952",
      "product_status": {
        "known_affected": [
          "T045745",
          "T002207",
          "T000126",
          "T019294",
          "T004914",
          "T010957"
        ]
      },
      "release_date": "2017-10-16T22:00:00.000+00:00",
      "title": "CVE-2017-14952"
    }
  ]
}

WID-SEC-W-2025-1660

Vulnerability from csaf_certbund - Published: 2019-04-16 22:00 - Updated: 2025-07-28 22:00

Summary

Oracle Utilities: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Oracle Utilities ist eine Produktfamilie mit branchenspezifischen Lösungen für Ver- und Entsorger.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities ausnutzen, um einen nicht näher spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme: - Linux - UNIX - Windows

CVE-2014-7923

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2014-7926

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2014-7940

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2014-8146

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2014-8147

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2014-9654

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2014-9911

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2015-5922

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2015-9251

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2016-1000031

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2016-6293

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2016-7415

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2017-14952

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2017-17484

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2017-7867

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2017-7868

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2018-11039

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2018-11040

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2018-1257

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2018-1258

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

CVE-2018-8088

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
Oracle Utilities Applications Oracle	`cpe:/a:oracle:utilities:-`	—
Oracle Linux Oracle	`cpe:/o:oracle:linux:-`	—

References

4 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.oracle.com/technetwork/security-advis…	external
http://linux.oracle.com/errata/ELSA-2025-11888.html	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Utilities ist eine Produktfamilie mit branchenspezifischen L\u00f6sungen f\u00fcr Ver- und Entsorger.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Utilities ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1660 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2025-1660.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1660 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1660"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2019 vom 2019-04-16",
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixUTIL"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2025-11888 vom 2025-07-29",
        "url": "http://linux.oracle.com/errata/ELSA-2025-11888.html"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Utilities: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-07-28T22:00:00.000+00:00",
      "generator": {
        "date": "2025-07-29T08:29:38.026+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.4.0"
        }
      },
      "id": "WID-SEC-W-2025-1660",
      "initial_release_date": "2019-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2019-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-28T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Oracle Utilities Applications",
            "product": {
              "name": "Oracle Utilities Applications",
              "product_id": "T008098",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:utilities:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2014-7923",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2014-7923"
    },
    {
      "cve": "CVE-2014-7926",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2014-7926"
    },
    {
      "cve": "CVE-2014-7940",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2014-7940"
    },
    {
      "cve": "CVE-2014-8146",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2014-8146"
    },
    {
      "cve": "CVE-2014-8147",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2014-8147"
    },
    {
      "cve": "CVE-2014-9654",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2014-9654"
    },
    {
      "cve": "CVE-2014-9911",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2014-9911"
    },
    {
      "cve": "CVE-2015-5922",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2015-5922"
    },
    {
      "cve": "CVE-2015-9251",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2015-9251"
    },
    {
      "cve": "CVE-2016-1000031",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-1000031"
    },
    {
      "cve": "CVE-2016-6293",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-6293"
    },
    {
      "cve": "CVE-2016-7415",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-7415"
    },
    {
      "cve": "CVE-2017-14952",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-14952"
    },
    {
      "cve": "CVE-2017-17484",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-17484"
    },
    {
      "cve": "CVE-2017-7867",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-7867"
    },
    {
      "cve": "CVE-2017-7868",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-7868"
    },
    {
      "cve": "CVE-2018-11039",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11039"
    },
    {
      "cve": "CVE-2018-11040",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11040"
    },
    {
      "cve": "CVE-2018-1257",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1257"
    },
    {
      "cve": "CVE-2018-1258",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1258"
    },
    {
      "cve": "CVE-2018-8088",
      "product_status": {
        "known_affected": [
          "T008098",
          "T004914"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-8088"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-14952 (GCVE-0-2017-14952)

SUSE-SU-2018:1401-2

SUSE-SU-2018:1602-1

WID-SEC-W-2025-1659

WID-SEC-W-2025-1660

Tags

Sightings

Nomenclature