Security issues (solved in Debian) - affecting icu52 in trusty

Bug #1684298 reported by Andrei Coada on 2017-04-19
This bug affects 1 person
Affects: icu (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Date Reported:
19 Apr 2017

Security database references:
In the Debian bugtracking system: 860314.
In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.

More information:
It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bounds write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in version 52.1-8+deb8u5.

information type: Public → Public Security
description: updated
summary: - Security issues (solved in Debian)
+ Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5
+ trusty
summary: - Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5
- trusty
+ Security issues (solved in Debian) - affecting icu52 in trusty
information type: Public Security → Public
information type: Public → Public Security
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icu - 57.1-5ubuntu0.1

---------------
icu (57.1-5ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in common/utext.cpp
    (LP: #1684298)
    - debian/patches/CVE-2017-786x.patch: properly handle chunk size in
      source/common/utext.cpp, added test to
      source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
    - CVE-2017-7867
    - CVE-2017-7868

 -- Marc Deslauriers <email address hidden> Tue, 02 May 2017 08:14:14 -0400

Changed in icu (Ubuntu):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icu - 57.1-4ubuntu0.2

---------------
icu (57.1-4ubuntu0.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in common/utext.cpp
    (LP: #1684298)
    - debian/patches/CVE-2017-786x.patch: properly handle chunk size in
      source/common/utext.cpp, added test to
      source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
    - CVE-2017-7867
    - CVE-2017-7868

 -- Marc Deslauriers <email address hidden> Tue, 02 May 2017 08:32:50 -0400

Changed in icu (Ubuntu):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icu - 52.1-3ubuntu0.6

---------------
icu (52.1-3ubuntu0.6) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in common/utext.cpp
    (LP: #1684298)
    - debian/patches/CVE-2017-786x.patch: properly handle chunk size in
      source/common/utext.cpp, added test to
      source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
    - CVE-2017-7867
    - CVE-2017-7868

 -- Marc Deslauriers <email address hidden> Tue, 02 May 2017 09:43:38 -0400

Changed in icu (Ubuntu):
status: New → Fix Released
Andrei Coada (raziel.kernel) wrote :

Thank you, Janitor! :)
