[SECURITY] [DSA 4150-1] icu security update

2018-03-2318:46:51

lists.debian.org

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.038 Low

EPSS

Percentile

91.7%

JSON

Debian Security Advisory DSA-4150-1 [email protected]
https://www.debian.org/security/ Moritz Muehlenhoff
March 23, 2018 https://www.debian.org/security/faq

Package : icu
CVE ID : CVE-2017-15422

It was discovered that an integer overflow in the International
Components for Unicode (ICU) library could result in denial of service
and potentially the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed
in version 52.1-8+deb8u7.

For the stable distribution (stretch), this problem has been fixed in
version 57.1-6+deb9u2.

We recommend that you upgrade your icu packages.

For the detailed security status of icu please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/icu

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian9mipslibicu57< 57.1-6+deb9u2libicu57_57.1-6+deb9u2_mips.deb
Debian8ppc64elicu-devtools< 52.1-8+deb8u7icu-devtools_52.1-8+deb8u7_ppc64el.deb
Debian9allicu< 57.1-6+deb9u2icu_57.1-6+deb9u2_all.deb
Debian8armhflibicu52< 52.1-8+deb8u7libicu52_52.1-8+deb8u7_armhf.deb
Debian8allicu-doc< 52.1-8+deb8u7icu-doc_52.1-8+deb8u7_all.deb
Debian9i386libicu57< 57.1-6+deb9u2libicu57_57.1-6+deb9u2_i386.deb
Debian9s390xicu-devtools< 57.1-6+deb9u2icu-devtools_57.1-6+deb9u2_s390x.deb
Debian9mips64ellibicu57< 57.1-6+deb9u2libicu57_57.1-6+deb9u2_mips64el.deb
Debian9arm64icu-devtools-dbg< 57.1-6+deb9u2icu-devtools-dbg_57.1-6+deb9u2_arm64.deb
Debian9i386icu-devtools< 57.1-6+deb9u2icu-devtools_57.1-6+deb9u2_i386.deb

OS	Version	Architecture	Package	Version	Filename
Debian	9	mips	libicu57	< 57.1-6+deb9u2	libicu57_57.1-6+deb9u2_mips.deb
Debian	8	ppc64el	icu-devtools	< 52.1-8+deb8u7	icu-devtools_52.1-8+deb8u7_ppc64el.deb
Debian	9	all	icu	< 57.1-6+deb9u2	icu_57.1-6+deb9u2_all.deb
Debian	8	armhf	libicu52	< 52.1-8+deb8u7	libicu52_52.1-8+deb8u7_armhf.deb
Debian	8	all	icu-doc	< 52.1-8+deb8u7	icu-doc_52.1-8+deb8u7_all.deb
Debian	9	i386	libicu57	< 57.1-6+deb9u2	libicu57_57.1-6+deb9u2_i386.deb
Debian	9	s390x	icu-devtools	< 57.1-6+deb9u2	icu-devtools_57.1-6+deb9u2_s390x.deb
Debian	9	mips64el	libicu57	< 57.1-6+deb9u2	libicu57_57.1-6+deb9u2_mips64el.deb
Debian	9	arm64	icu-devtools-dbg	< 57.1-6+deb9u2	icu-devtools-dbg_57.1-6+deb9u2_arm64.deb
Debian	9	i386	icu-devtools	< 57.1-6+deb9u2	icu-devtools_57.1-6+deb9u2_i386.deb