exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Linux Security Advisory 1511-1

Debian Linux Security Advisory 1511-1
Posted Mar 3, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1511-1 - libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. A heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2007-4770, CVE-2007-4771
SHA-256 | 140c09e90595d14615d4bf880f781588fb7701045a1ed81c3c493c98a2ec1c87
Download | Favorite | View

Debian Linux Security Advisory 1511-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1511-1                  security@debian.org
http://www.debian.org/security/                               Steve Kemp
March 03, 2008                        http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : libicu
Vulnerability  : various
Problem type   : local
Debian-specific: no
CVE Id(s)      : 2007-4770 2007-4771
Debian Bug     : 463688

Several local vulnerabilities have been discovered in libicu,
International Components for Unicode, The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2007-4770
  libicu in International Components for Unicode (ICU) 3.8.1 and earlier
  attempts to process backreferences to the nonexistent capture group
  zero (aka \0), which might allow context-dependent attackers to read
  from, or write to, out-of-bounds memory locations, related to
  corruption of REStackFrames.

CVE-2007-4771
  Heap-based buffer overflow in the doInterval function in regexcmp.cpp
  in libicu in International Components for Unicode (ICU) 3.8.1 and
  earlier allows context-dependent attackers to cause a denial of
  service (memory consumption) and possibly have unspecified other
  impact via a regular expression that writes a large amount of data to
  the backtracking stack.

For the stable distribution (etch), these problems have been fixed in
version 3.6-2etch1.

For the unstable distribution (sid), these problems have been fixed in
version 3.8-6.

We recommend that you upgrade your libicu package.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

  http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
    Size/MD5 checksum:  9778863 0f1bda1992b4adca62da68a7ad79d830
  http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch1.dsc
    Size/MD5 checksum:      591 13dcea6b1c9a282147b99c4867db6ee8
  http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch1.diff.gz
    Size/MD5 checksum:     9552 82e560098b24b245872b163a522a80b8

Architecture independent packages:

  http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch1_all.deb
    Size/MD5 checksum:  3332194 5da76263265814905245b97daec4c1c3

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_alpha.deb
    Size/MD5 checksum:  7028746 b6b13d0fa262501923c97a859b400d10
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_alpha.deb
    Size/MD5 checksum:  5581984 0cd37ce9f234b9207accc424dc191f49

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_amd64.deb
    Size/MD5 checksum:  6585582 9fe0ee74625a985628c9af096dd13827
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_amd64.deb
    Size/MD5 checksum:  5444228 250851db4a613e9a5d0029d73c1196c0

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_arm.deb
    Size/MD5 checksum:  6631114 a73ff442415ca3bc336f1fb49e3aa701
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_arm.deb
    Size/MD5 checksum:  5458358 c6d533fd7c1c51efbac58d2a96a386fb

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_hppa.deb
    Size/MD5 checksum:  7090294 aadca0bc8fb9307ea7fe293406a10e5f
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_hppa.deb
    Size/MD5 checksum:  5909956 07bd8e6c733072fca8b96cc10e210a68

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_i386.deb
    Size/MD5 checksum:  5468656 532aa02d6d67d4b6527ac8c29c9d110e
  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_i386.deb
    Size/MD5 checksum:  6465540 bfd4d908b552bba2d871771f86369ec7

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_ia64.deb
    Size/MD5 checksum:  7238880 10b410fcd460e47c3619de88167b74f5
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_ia64.deb
    Size/MD5 checksum:  5865536 dbc0ec913f08682cec4f1b75d35e0531

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_mips.deb
    Size/MD5 checksum:  7047506 c0b327e8229d1d4d33131453cdac6508
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_mips.deb
    Size/MD5 checksum:  5748172 126a2f0bb4b61cc54d70edb882191576

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_powerpc.deb
    Size/MD5 checksum:  5747754 8bc631ad394a86e11c24c5b9ffd76f1d
  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_powerpc.deb
    Size/MD5 checksum:  6888906 c5542d6d957327fd6f540029f4195772

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_s390.deb
    Size/MD5 checksum:  5776762 16a114247a39201f3966ff4f22b80342
  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_s390.deb
    Size/MD5 checksum:  6895102 15624240d20d2e0aa7a29bbc90895908

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_sparc.deb
    Size/MD5 checksum:  5671256 2c7a50b1fe50dbe4b3ef8995d91e5946
  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_sparc.deb
    Size/MD5 checksum:  6771832 84a95a10934106c8cfc409032191de98


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHzGoFwM/Gs81MDZ0RApgrAJ9Jd4cpLRAJ7WTQAnnpd8d4K3/mvwCeNusV
OLKQ6zeO2ePgNnldMI08TRU=
=ay/5
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close