[ASA-201711-25] icu: arbitrary code execution
Arch Linux Security Advisory ASA-201711-25
==========================================

Severity: Critical
Date    : 2017-11-19
CVE-ID  : CVE-2017-14952
Package : icu
Type    : arbitrary code execution
Remote  : Yes
Link    :

Summary
=======

The package icu before version 60.1-1 is vulnerable to arbitrary code
execution.

Resolution
==========

Upgrade to 60.1-1.

# pacman -Syu "icu>=60.1-1"

The problem has been fixed upstream in version 60.1.

Workaround
==========

None.

Description
===========

Double free in i18n/zonemeta.cpp in International Components for
Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute
arbitrary code via a crafted string, aka a "redundant UVector entry
clean up function call" issue.

Impact
======

A remote attacker is able to execute arbitrary code on the affected
host via a specially crafted string.

References
==========