Amazon Linux AMI : icu Buffer Overflow Vulnerability (ALAS-2012-33)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.

Synopsis :

The remote Amazon Linux AMI host is missing a security update.

Description :

A stack-based buffer overflow flaw was found in the way ICU performed
variant canonicalization for some locale identifiers. If a specially
crafted locale representation was opened in an application linked
against ICU, it could cause the application to crash or, possibly,
execute arbitrary code with the privileges of the user running the

Solution :

Run 'yum update icu' to update your system. Be sure to restart all
applications that are linked against ICU for the update to take

Risk factor :

High / CVSS Base Score : 7.5

Family: Amazon Linux Local Security Checks

Nessus Plugin ID: 69640

CVE ID: CVE-2011-4599