Oracle Linux 10 : icu (ELSA-2025-11888)

Severity: High; Nessus Plugin ID: 242945

Synopsis

The remote Oracle Linux host is missing a security update.

Description

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-11888 advisory.

- Resolves: rhbz#1646703 CVE-2018-18928
- Resolves: rhbz#1524820 CVE-2017-17484
- Resolves: rhbz#1510932 CVE-2017-14952
- Resolves: rhbz#1444101 CVE-2017-7867 CVE-2017-7868
- Resolves: rhbz#1377362 CVE-2016-7415
- Resolves: rhbz#1360340 CVE-2016-6293
- Resolves: rhbz#1190131 CVE-2014-7923 CVE-2014-7926 CVE-2014-9654
- Resolves: rhbz#1184811 CVE-2014-6585 CVE-2014-6591
- drop integrated icu.10318.CVE-2013-2924_changeset_34076.patch
- Resolves: rhbz#1015594 CVE-2013-2924 use-after-free
- Resolves: rhbz#766542 CVE-2011-4599 Stack-based buffer overflow
- add icu.8984.CVE-2011-4599.patch
- CVE-2007-4770 CVE-2007-4771 add icu.regexp.patch

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected icu, libicu and/or libicu-devel packages.

See Also

https://linux.oracle.com/errata/ELSA-2025-11888.html

Plugin Details

Severity: High

ID: 242945

File Name: oraclelinux_ELSA-2025-11888.nasl

Version: 1.1

Type: local

Agent: unix

Published: 7/28/2025

Updated: 7/28/2025

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2025-5222

CVSS v3

Risk Factor: High

Base Score: 7

Temporal Score: 6.1

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:oracle:linux:libicu, p-cpe:/a:oracle:linux:icu, cpe:/o:oracle:linux:10, p-cpe:/a:oracle:linux:libicu-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/OracleLinux

Exploit Ease: No known exploits are available

Patch Publication Date: 7/28/2025

Vulnerability Publication Date: 5/27/2025

Reference Information

CVE: CVE-2025-5222