ASA-201711-26 log generated external raw

[ASA-201711-26] lib32-icu: arbitrary code execution
Arch Linux Security Advisory ASA-201711-26 ========================================== Severity: Critical Date : 2017-11-20 CVE-ID : CVE-2017-14952 Package : lib32-icu Type : arbitrary code execution Remote : Yes Link : Summary ======= The package lib32-icu before version 60.1-1 is vulnerable to arbitrary code execution. Resolution ========== Upgrade to 60.1-1. # pacman -Syu "lib32-icu>=60.1-1" The problem has been fixed upstream in version 60.1. Workaround ========== None. Description =========== Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. Impact ====== A remote attacker is able to execute arbitrary code on the affected host via a specially crafted string. References ==========