what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Security Advisory 3323-1

Debian Security Advisory 3323-1
Posted Aug 4, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3323-1 - Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2014-6585, CVE-2014-8146, CVE-2014-8147, CVE-2015-4760
SHA-256 | 988eed108461e0e97b69a6479fa74081ae7c0ad3df5f1721f492535204c30fe0

Debian Security Advisory 3323-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3323-1 security@debian.org
https://www.debian.org/security/ Laszlo Boszormenyi
August 01, 2015 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : icu
CVE ID : CVE-2014-6585 CVE-2014-8146 CVE-2014-8147 CVE-2015-4760
Debian Bug : 778511 784773

Several vulnerabilities were discovered in the International Components
for Unicode (ICU) library.

CVE-2014-8146

The Unicode Bidirectional Algorithm implementation does not properly
track directionally isolated pieces of text, which allows remote
attackers to cause a denial of service (heap-based buffer overflow)
or possibly execute arbitrary code via crafted text.

CVE-2014-8147

The Unicode Bidirectional Algorithm implementation uses an integer
data type that is inconsistent with a header file, which allows
remote attackers to cause a denial of service (incorrect malloc
followed by invalid free) or possibly execute arbitrary code via
crafted text.

CVE-2015-4760

The Layout Engine was missing multiple boundary checks. These could
lead to buffer overflows and memory corruption. A specially crafted
file could cause an application using ICU to parse untrusted font
files to crash and, possibly, execute arbitrary code.

Additionally, it was discovered that the patch applied to ICU in DSA-3187-1
for CVE-2014-6585 was incomplete, possibly leading to an invalid memory
access. This could allow remote attackers to disclose portion of private
memory via crafted font files.

For the oldstable distribution (wheezy), these problems have been fixed
in version 4.8.1.1-12+deb7u3.

For the stable distribution (jessie), these problems have been fixed in
version 52.1-8+deb8u2.

For the testing distribution (stretch), these problems have been fixed
in version 52.1-10.

For the unstable distribution (sid), these problems have been fixed in
version 52.1-10.

We recommend that you upgrade your icu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVvO7bAAoJEK+lG9bN5XPLqVIP/2alCRdRKIAMleoNl1Eivpyz
bkOww5mqMUezKBN/vcuZuIXaCXDbmEedCuqYsBs3+bKjyUunudrcMBHJ7fJoV19U
5cPQO/JGZtL9WPl2HowuWcsApvitiHgc37kblSUr2trmGtMUjm8glVnrI97qty9e
Ory0Dbc8d4AYNlfV4jmJbqPXRRyxRFNObBwqoXvUNJ1sgUT1nyLt6QVYOqV07+Jy
Vw6JJeqryNdpeMMBcAOlnSLSbjmmAxXDjs2HxUqWqZg8RHnnn2Dr45MQK/dymkdj
xu2YBTT4cXAzvBtBTrpppj+9Dc+/nMfT47z1vncaiLFU8FBdt51Via8kutmut8ao
7zqqtcYiOn1/iUqxOOzlaqfVf+DMswhqaQmzGFNDI4ajMoC6M2Wf917AHt306W9p
Ekk6aS9uVWrdZd2O1IawZ+scFETitNSE9nkNTyfRo75RhfHexAY1W3oeoVfTGMR4
gH+vkvqE2vQVDLLOdZDaMCtCKrurHgPhX+VGdaoHW0QD7wuNEbXoC2jvln0NLm1t
VzHT3RtqdpmZvNGmCTL7muS/tVdgapNCavWEh4u1oDPB7DHDK8QYH4IJmi/sbfWP
a9HC61Utok3TV4m+/G7THx4gvvKb13/4wfL0WMU5WOAaLUOpqSxXcDqJH5syytEu
U5aclxl6oM8/CXeYbYQ8
=WKJI
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close