Security issues (solved in Debian) - affecting icu52 in trusty
Bug #1684298 reported by
Andrei Coada
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
icu (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Date Reported:
19 Apr 2017
Security database references:
In the Debian bugtracking system: 860314.
In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.
More information:
It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code.
For the stable distribution (jessie), these problems have been fixed in version 52.1-8+deb8u5.
information type: | Public → Public Security |
description: | updated |
summary: |
- Security issues (solved in Debian) + Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5 + trusty |
summary: |
- Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5 - trusty + Security issues (solved in Debian) - affecting icu52 in trusty |
information type: | Public Security → Public |
information type: | Public → Public Security |
To post a comment you must log in.
This bug was fixed in the package icu - 57.1-5ubuntu0.1
---------------
icu (57.1-5ubuntu0.1) zesty-security; urgency=medium
* SECURITY UPDATE: out-of-bounds write in common/utext.cpp patches/ CVE-2017- 786x.patch: properly handle chunk size in common/ utext.cpp, added test to test/intltest/ utxttest. cpp, source/ test/intltest/ utxttest. h.
(LP: #1684298)
- debian/
source/
source/
- CVE-2017-7867
- CVE-2017-7868
-- Marc Deslauriers <email address hidden> Tue, 02 May 2017 08:14:14 -0400