Bug 37629 - icu: Multiple issues (4.0)
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 4.0
Hardware: Other Linux
Importance: P3 normal
Target Milestone: UCS 4.0-3-errata
Assigned To: Stefan Gohmann
QA Contact: Janek Walkenhorst
Reported: 2015-01-27 12:53 CET by Janek Walkenhorst
Modified: 2015-09-02 12:57 CEST
requate: Patch_Available+


Description Janek Walkenhorst univentionstaff 2015-01-27 12:53:07 CET
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7926. (CVE-2014-7923)

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7923. (CVE-2014-7926)

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. (CVE-2014-7940)
Comment 1 Janek Walkenhorst univentionstaff 2015-01-27 13:05:36 CET
Additional issues: CVE-2014-6585 CVE-2014-6591
Comment 2 Moritz Muehlenhoff univentionstaff 2015-02-06 08:01:08 CET
Denial of service in regular expression handling (CVE-2014-9654, CVE-2015-1205)
Comment 3 Arvid Requate univentionstaff 2015-03-17 18:18:20 CET
CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419:

Potential execution of arbitrary code with user privileges due to incorrect memory handling while processing fonts.
Comment 4 Arvid Requate univentionstaff 2015-04-30 19:49:46 CEST
Fix available in Debian version 4.8.1.1-12+deb7u2
Comment 5 Arvid Requate univentionstaff 2015-07-16 12:00:19 CEST
* missing boundary checks in layout engine (CVE-2015-4760)
Comment 6 Arvid Requate univentionstaff 2015-08-04 21:13:44 CEST
Fixed in upstream Debian package version 4.8.1.1-12+deb7u2:

* Glyph table issue (CVE-2013-1569)
* Glyph table issue (CVE-2013-2383)
* Font layout issue (CVE-2013-2384)
* Font processing issue (CVE-2013-2419)
* Out-of-bounds read (CVE-2014-6585)
* Additional out-of-bounds reads (CVE-2014-6591)
* Memory corruption in regular expression comparison (CVE-2014-7923)
* Memory corruption in regular expression comparison (CVE-2014-7926)
* Uninitialized memory (CVE-2014-7940)
* More regular expression flaws (CVE-2014-9654).


Fixed in upstream Debian package version 4.8.1.1-12+deb7u3:

* missing boundary checks in layout engine (CVE-2015-4760)
* heap overflow via incorrect isolateCount (CVE-2014-8146)
* integer truncation in the resolveImplicitLevels function (CVE-2014-8147)
Comment 7 Stefan Gohmann univentionstaff 2015-08-28 17:19:11 CEST
(In reply to Moritz Muehlenhoff from comment #2)
> Denial of service in regular expression handling (CVE-2014-9654,
> CVE-2015-1205)

CVE-2015-1205 is a Google Chrome issue: https://security-tracker.debian.org/tracker/CVE-2015-1205

All other CVEs have been added: 2015-08-28-icu.yaml
Comment 8 Janek Walkenhorst univentionstaff 2015-09-01 15:39:02 CEST
Advisory: OK
Tests (amd64): OK
Comment 9 Janek Walkenhorst univentionstaff 2015-09-02 12:57:38 CEST
<http://errata.univention.de/ucs/4.0/298.html>