Mandriva Linux Security Advisory : icu (MDVSA-2013:258)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated icu packages fix security vulnerabilities :

It was discovered that ICU contained a race condition affecting
multi-threaded applications. If an application using ICU processed
crafted data, an attacker could cause it to crash or potentially
execute arbitrary code with the privileges of the user invoking the
program (CVE-2013-0900).

It was discovered that ICU incorrectly handled memory operations. If
an application using ICU processed crafted data, an attacker could
cause it to crash or potentially execute arbitrary code with the
privileges of the user invoking the program (CVE-2013-2924).

See also :

http://advisories.mageia.org/MGASA-2013-0315.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 70678 ()

Bugtraq ID: 58318
62968

CVE ID: CVE-2013-0900
CVE-2013-2924

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now