Bug 33284 - icu: Multiple issues (3.2)
icu: Multiple issues (3.2)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.0
Other Linux
: P3 normal (vote)
: UCS 3.2-6-errata
Assigned To: Arvid Requate
Philipp Hahn
:
: 37630 (view as bug list)
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-11-12 11:22 CET by Moritz Muehlenhoff
Modified: 2015-08-21 13:13 CEST (History)
3 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Ticket number:
Bug group (optional): Security
Max CVSS v3 score:
requate: Patch_Available+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Moritz Muehlenhoff univentionstaff 2013-11-12 11:22:22 CET
+++ This bug was initially created as a clone of Bug #30726 +++

Memory corruption in UTF8 handling (CVE-2013-2924)
Comment 1 Moritz Muehlenhoff univentionstaff 2015-02-02 06:57:46 CET
*** Bug 37630 has been marked as a duplicate of this bug. ***
Comment 2 Moritz Muehlenhoff univentionstaff 2015-02-02 06:58:06 CET
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7926. (CVE-2014-7923)

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7923. (CVE-2014-7926)

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. (CVE-2014-7940)

Additional issues: CVE-2014-6585 CVE-2014-6591
Comment 3 Moritz Muehlenhoff univentionstaff 2015-02-06 08:00:57 CET
Denial of service in regular expression handling (CVE-2014-9654, CVE-2015-1205)
Comment 4 Arvid Requate univentionstaff 2015-03-17 18:18:25 CET
CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419:

Potential execution of arbitrary code with user privileges due to incorrect memory handling while processing fonts.
Comment 5 Arvid Requate univentionstaff 2015-05-11 12:34:48 CEST
Heap overflow (CVE-2014-8146)
Integer overflow (CVE-2014-8147)
Comment 6 Arvid Requate univentionstaff 2015-07-16 12:00:26 CEST
* missing boundary checks in layout engine (CVE-2015-4760)
Comment 7 Arvid Requate univentionstaff 2015-08-17 12:09:16 CEST
Fixed in 4.4.1-8+squeeze4

Not affected by CVE-2014-8146 CVE-2014-8147 (Code not present)
Comment 8 Arvid Requate univentionstaff 2015-08-18 14:27:35 CEST
No affected by CVE-2013-2924.

Advisory: 2015-08-18-icu.yaml
Comment 9 Philipp Hahn univentionstaff 2015-08-19 14:06:02 CEST
OK: DEBIAN_FRONTEND=noninteractive aptitude install '?source-package(^icu$)~i'
OK: DEBIAN_FRONTEND=noninteractive aptitude install '?source-package(^icu$)?not(?name(udeb))'
OK: amd64 i386
OK: zless /usr/share/doc/libicu44/changelog.Debian.gz # 4.4.1-8+squeeze4
OK: 3.0-2 < errata3.2-6 < 4.0-0

OK: CVE-2013-0900 fixed 4.4.1-8+squeeze2
OK: CVE-2013-2924 fixed 4.4.1-8+squeeze2
OK: CVE-2014-7923 fixed 4.4.1-8+squeeze3
OK: CVE-2014-7926 fixed 4.4.1-8+squeeze3
OK: CVE-2014-7940 fixed 4.4.1-8+squeeze3
OK: CVE-2014-6585 fixed 4.4.1-8+squeeze3
OK: CVE-2014-6591 fixed 4.4.1-8+squeeze3
OK: CVE-2014-9654 fixed 4.4.1-8+squeeze3
FYI: CVE-2015-1205=scr:chromium-browser -> CVE-2014-9654=src:icu
OK: CVE-2013-1569 fixed 4.4.1-8+squeeze3
OK: CVE-2013-2383 fixed 4.4.1-8+squeeze3
OK: CVE-2013-2384 fixed 4.4.1-8+squeeze3
OK: CVE-2013-2419 fixed 4.4.1-8+squeeze3
OK: CVE-2014-8146 <not-affected>
OK: CVE-2014-8147 <not-affected>
OK: CVE-2015-4760 fixed 4.4.1-8+squeeze4

OK: make -C /usr/share/doc/libicu-dev/examples
OK: openoffice.org

OK: 2015-08-18-icu.yaml
OK: errata-announce -V 2015-08-18-icu.yaml

(In reply to Arvid Requate from comment #8)
> No affected by CVE-2013-2924.
Affected, but fixed in Debian package 4.4.1-8+squeeze2.
Comment 10 Janek Walkenhorst univentionstaff 2015-08-21 13:13:18 CEST
<http://errata.univention.de/ucs/3.2/356.html>