[SECURITY] [DLA 947-1] icu security update

2017-05-2014:28:38

lists.debian.org

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.012

Percentile

85.3%

JSON

Package : icu
Version : 4.8.1.1-12+deb7u7
CVE ID : CVE-2017-7867 CVE-2017-7868

It was discovered that icu, the International Components for Unicode
library, did not correctly validate its input. An attacker could use
this problem to trigger an out-of-bound write through a heap-based
buffer overflow, thus causing a denial of service via application
crash, or potential execution of arbitrary code.

For Debian 7 "Wheezy", these problems have been fixed in version
4.8.1.1-12+deb7u7.

We recommend that you upgrade your icu packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian8mipslibicu52-dbg< 52.1-8+deb8u5libicu52-dbg_52.1-8+deb8u5_mips.deb
Debian7amd64libicu-dev< 4.8.1.1-12+deb7u7libicu-dev_4.8.1.1-12+deb7u7_amd64.deb
Debian7amd64libicu48< 4.8.1.1-12+deb7u7libicu48_4.8.1.1-12+deb7u7_amd64.deb
Debian8kfreebsd-amd64libicu-dev< 52.1-8+deb8u5libicu-dev_52.1-8+deb8u5_kfreebsd-amd64.deb
Debian8amd64icu-devtools< 52.1-8+deb8u5icu-devtools_52.1-8+deb8u5_amd64.deb
Debian8allicu< 52.1-8+deb8u5icu_52.1-8+deb8u5_all.deb
Debian8powerpclibicu52-dbg< 52.1-8+deb8u5libicu52-dbg_52.1-8+deb8u5_powerpc.deb
Debian8ppc64ellibicu52< 52.1-8+deb8u5libicu52_52.1-8+deb8u5_ppc64el.deb
Debian8kfreebsd-i386libicu52-dbg< 52.1-8+deb8u5libicu52-dbg_52.1-8+deb8u5_kfreebsd-i386.deb
Debian8kfreebsd-i386libicu52< 52.1-8+deb8u5libicu52_52.1-8+deb8u5_kfreebsd-i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	8	mips	libicu52-dbg	< 52.1-8+deb8u5	libicu52-dbg_52.1-8+deb8u5_mips.deb
Debian	7	amd64	libicu-dev	< 4.8.1.1-12+deb7u7	libicu-dev_4.8.1.1-12+deb7u7_amd64.deb
Debian	7	amd64	libicu48	< 4.8.1.1-12+deb7u7	libicu48_4.8.1.1-12+deb7u7_amd64.deb
Debian	8	kfreebsd-amd64	libicu-dev	< 52.1-8+deb8u5	libicu-dev_52.1-8+deb8u5_kfreebsd-amd64.deb
Debian	8	amd64	icu-devtools	< 52.1-8+deb8u5	icu-devtools_52.1-8+deb8u5_amd64.deb
Debian	8	all	icu	< 52.1-8+deb8u5	icu_52.1-8+deb8u5_all.deb
Debian	8	powerpc	libicu52-dbg	< 52.1-8+deb8u5	libicu52-dbg_52.1-8+deb8u5_powerpc.deb
Debian	8	ppc64el	libicu52	< 52.1-8+deb8u5	libicu52_52.1-8+deb8u5_ppc64el.deb
Debian	8	kfreebsd-i386	libicu52-dbg	< 52.1-8+deb8u5	libicu52-dbg_52.1-8+deb8u5_kfreebsd-i386.deb
Debian	8	kfreebsd-i386	libicu52	< 52.1-8+deb8u5	libicu52_52.1-8+deb8u5_kfreebsd-i386.deb