Univention Bugzilla – Bug 33284
icu: Multiple issues (3.2)
Last modified: 2015-08-21 13:13:18 CEST
+++ This bug was initially created as a clone of Bug #30726 +++
Memory corruption in UTF8 handling (CVE-2013-2924)
*** Bug 37630 has been marked as a duplicate of this bug. ***
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7926. (CVE-2014-7923)

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7923. (CVE-2014-7926)

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. (CVE-2014-7940)

Additional issues: CVE-2014-6585 CVE-2014-6591
Denial of service in regular expression handling (CVE-2014-9654, CVE-2015-1205)
CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419: Potential execution of arbitrary code with user privileges due to incorrect memory handling while processing fonts.
Heap overflow (CVE-2014-8146)
Integer overflow (CVE-2014-8147)
* missing boundary checks in layout engine (CVE-2015-4760)
Fixed in 4.4.1-8+squeeze4
Not affected by CVE-2014-8146 CVE-2014-8147 (Code not present)
Not affected by CVE-2013-2924.
Advisory: 2015-08-18-icu.yaml
OK: DEBIAN_FRONTEND=noninteractive aptitude install '?source-package(^icu$)~i'
OK: DEBIAN_FRONTEND=noninteractive aptitude install '?source-package(^icu$)?not(?name(udeb))'
OK: amd64 i386
OK: zless /usr/share/doc/libicu44/changelog.Debian.gz # 4.4.1-8+squeeze4
OK: 3.0-2 < errata3.2-6 < 4.0-0
OK: CVE-2013-0900 fixed 4.4.1-8+squeeze2
OK: CVE-2013-2924 fixed 4.4.1-8+squeeze2
OK: CVE-2014-7923 fixed 4.4.1-8+squeeze3
OK: CVE-2014-7926 fixed 4.4.1-8+squeeze3
OK: CVE-2014-7940 fixed 4.4.1-8+squeeze3
OK: CVE-2014-6585 fixed 4.4.1-8+squeeze3
OK: CVE-2014-6591 fixed 4.4.1-8+squeeze3
OK: CVE-2014-9654 fixed 4.4.1-8+squeeze3
FYI: CVE-2015-1205=src:chromium-browser -> CVE-2014-9654=src:icu
OK: CVE-2013-1569 fixed 4.4.1-8+squeeze3
OK: CVE-2013-2383 fixed 4.4.1-8+squeeze3
OK: CVE-2013-2384 fixed 4.4.1-8+squeeze3
OK: CVE-2013-2419 fixed 4.4.1-8+squeeze3
OK: CVE-2014-8146 <not-affected>
OK: CVE-2014-8147 <not-affected>
OK: CVE-2015-4760 fixed 4.4.1-8+squeeze4
OK: make -C /usr/share/doc/libicu-dev/examples
OK: openoffice.org
OK: 2015-08-18-icu.yaml
OK: errata-announce -V 2015-08-18-icu.yaml

(In reply to Arvid Requate from comment #8)
> Not affected by CVE-2013-2924.

Affected, but fixed in Debian package 4.4.1-8+squeeze2.
<http://errata.univention.de/ucs/3.2/356.html>