Security issues (solved in Debian) - affecting icu52 in trusty

Bug #1684298 reported by Andrei Coada
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
icu (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

Date Reported:
19 Apr 2017

Security database references:
In the Debian bugtracking system: 860314.
In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.

More information:
It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in version 52.1-8+deb8u5.

information type: Public → Public Security
description: updated
summary: - Security issues (solved in Debian)
+ Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5
+ trusty
summary: - Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5
- trusty
+ Security issues (solved in Debian) - affecting icu52 in trusty
information type: Public Security → Public
information type: Public → Public Security
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icu - 57.1-5ubuntu0.1

---------------
icu (57.1-5ubuntu0.1) zesty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in common/utext.cpp
    (LP: #1684298)
    - debian/patches/CVE-2017-786x.patch: properly handle chunk size in
      source/common/utext.cpp, added test to
      source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
    - CVE-2017-7867
    - CVE-2017-7868

 -- Marc Deslauriers <email address hidden> Tue, 02 May 2017 08:14:14 -0400

Changed in icu (Ubuntu):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icu - 57.1-4ubuntu0.2

---------------
icu (57.1-4ubuntu0.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in common/utext.cpp
    (LP: #1684298)
    - debian/patches/CVE-2017-786x.patch: properly handle chunk size in
      source/common/utext.cpp, added test to
      source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
    - CVE-2017-7867
    - CVE-2017-7868

 -- Marc Deslauriers <email address hidden> Tue, 02 May 2017 08:32:50 -0400

Changed in icu (Ubuntu):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icu - 52.1-3ubuntu0.6

---------------
icu (52.1-3ubuntu0.6) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in common/utext.cpp
    (LP: #1684298)
    - debian/patches/CVE-2017-786x.patch: properly handle chunk size in
      source/common/utext.cpp, added test to
      source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
    - CVE-2017-7867
    - CVE-2017-7868

 -- Marc Deslauriers <email address hidden> Tue, 02 May 2017 09:43:38 -0400

Changed in icu (Ubuntu):
status: New → Fix Released
Andrei Coada (raziel.kernel) wrote :

Thank you, Janitor! :)

This report contains Public Security information  
Everyone can see this security related information.