CVE-2011-4599

Publication date 15 December 2011

Last updated 24 July 2024


Ubuntu priority

Stack-based buffer overflow in the _canonicalize function in common/uloc.c in International Components for Unicode (ICU) before 49.1 allows remote attackers to execute arbitrary code via a crafted locale ID that is not properly handled during variant canonicalization.

Read the notes from the security team

Status

Package Ubuntu Release Status
icu 11.10 oneiric
Fixed 4.4.2-2ubuntu0.11.10.1
11.04 natty
Fixed 4.4.2-2ubuntu0.11.04.1
10.10 maverick
Fixed 4.2.1-3ubuntu0.10.10.1
10.04 LTS lucid
Fixed 4.2.1-3ubuntu0.10.04.1
8.04 LTS hardy Ignored end of life

Notes


jdstrand

based on the patch, looks like a heap buffer overflow

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
icu

References

Related Ubuntu Security Notices (USN)

Other references