Univention Bugzilla – Bug 37629
icu: Multiple issues (4.0)
Last modified: 2015-09-02 12:57:38 CEST
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7926. (CVE-2014-7923)

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7923. (CVE-2014-7926)

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. (CVE-2014-7940)
Additional issues: CVE-2014-6585 CVE-2014-6591
Denial of service in regular expression handling (CVE-2014-9654, CVE-2015-1205)
CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419: Potential execution of arbitrary code with user privileges due to incorrect memory handling while processing fonts.
Fix available in Debian version 4.8.1.1-12+deb7u2
* missing boundary checks in layout engine (CVE-2015-4760)
Fixed in upstream Debian package version 4.8.1.1-12+deb7u2:
* Glyph table issue (CVE-2013-1569)
* Glyph table issue (CVE-2013-2383)
* Font layout issue (CVE-2013-2384)
* Font processing issue (CVE-2013-2419)
* Out-of-bounds read (CVE-2014-6585)
* Additional out-of-bounds reads (CVE-2014-6591)
* Memory corruption in regular expression comparison (CVE-2014-7923)
* Memory corruption in regular expression comparison (CVE-2014-7926)
* Uninitialized memory (CVE-2014-7940)
* More regular expression flaws (CVE-2014-9654)

Fixed in upstream Debian package version 4.8.1.1-12+deb7u3:
* missing boundary checks in layout engine (CVE-2015-4760)
* heap overflow via incorrect isolateCount (CVE-2014-8146)
* integer truncation in the resolveImplicitLevels function (CVE-2014-8147)
(In reply to Moritz Muehlenhoff from comment #2)
> Denial of service in regular expression handling (CVE-2014-9654,
> CVE-2015-1205)

CVE-2015-1205 is a Google Chrome issue:
https://security-tracker.debian.org/tracker/CVE-2015-1205

All other CVEs have been added: 2015-08-28-icu.yaml
Advisory: OK
Tests (amd64): OK
<http://errata.univention.de/ucs/4.0/298.html>