Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3187.NASL
HistoryMar 17, 2015 - 12:00 a.m.

Debian DSA-3187-1 : icu - security update

2015-03-1700:00:00
This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
JSON

Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.

  • CVE-2013-1569 Glyph table issue.

  • CVE-2013-2383 Glyph table issue.

  • CVE-2013-2384 Font layout issue.

  • CVE-2013-2419 Font processing issue.

  • CVE-2014-6585 Out-of-bounds read.

  • CVE-2014-6591 Additional out-of-bounds reads.

  • CVE-2014-7923 Memory corruption in regular expression comparison.

  • CVE-2014-7926 Memory corruption in regular expression comparison.

  • CVE-2014-7940 Uninitialized memory.

  • CVE-2014-9654 More regular expression flaws.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3187. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(81831);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-1569", "CVE-2013-2383", "CVE-2013-2384", "CVE-2013-2419", "CVE-2014-6585", "CVE-2014-6591", "CVE-2014-7923", "CVE-2014-7926", "CVE-2014-7940", "CVE-2014-9654");
  script_bugtraq_id(59131, 59166, 59179, 59190, 72173, 72175);
  script_xref(name:"DSA", value:"3187");

  script_name(english:"Debian DSA-3187-1 : icu - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities were discovered in the International
Components for Unicode (ICU) library.

  - CVE-2013-1569
    Glyph table issue.

  - CVE-2013-2383
    Glyph table issue.

  - CVE-2013-2384
    Font layout issue.

  - CVE-2013-2419
    Font processing issue.

  - CVE-2014-6585
    Out-of-bounds read.

  - CVE-2014-6591
    Additional out-of-bounds reads.

  - CVE-2014-7923
    Memory corruption in regular expression comparison.

  - CVE-2014-7926
    Memory corruption in regular expression comparison.

  - CVE-2014-7940
    Uninitialized memory.

  - CVE-2014-9654
    More regular expression flaws."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775884"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776264"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776265"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776719"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1569"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-2383"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-2384"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-2419"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-6585"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-6591"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-7923"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-7926"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-7940"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-9654"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/icu"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2015/dsa-3187"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the icu packages.

For the stable distribution (wheezy), these problems have been fixed
in version 4.8.1.1-12+deb7u2.

For the upcoming stable (jessie) and unstable (sid) distributions,
these problems have been fixed in version 52.1-7.1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:icu");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/03/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/03/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"icu-doc", reference:"4.8.1.1-12+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"libicu-dev", reference:"4.8.1.1-12+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"libicu48", reference:"4.8.1.1-12+deb7u2")) flag++;
if (deb_check(release:"7.0", prefix:"libicu48-dbg", reference:"4.8.1.1-12+deb7u2")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxicup-cpe:/a:debian:debian_linux:icu
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0

References

Related

nessus 44
securityvulns 4
openvas 55
ubuntu 4
debian 3
osv 2
fedora 17
gentoo 1
mageia 2
cve 10
debiancve 10
prion 10
ubuntucve 10
veracode 6
ibm 5
seebug 1
exploitpack 1
zdt 1
suse 2
zdi 3
redhat 3
packetstorm 1
exploitdb 1
centos 1
oraclelinux 1
amazon 1
nessus
nessus
Ubuntu 12.04 LTS : icu vulnerabilities (USN-2522-3)
2015-03-11 00:00:00
Ubuntu 12.04 LTS : icu regression (USN-2522-2)
2015-03-09 00:00:00
Ubuntu 14.04 LTS : ICU vulnerabilities (USN-2522-1)
2015-03-06 00:00:00
securityvulns
securityvulns
[USN-2522-1] ICU vulnerabilities
2015-03-07 00:00:00
libicu multiple security vulnerabilities
2015-03-07 00:00:00
SEC Consult SA-20130417-1 :: Java ActiveX Control Memory Corruption
2013-04-22 00:00:00
openvas
openvas
Ubuntu Update for icu USN-2522-2
2015-03-07 00:00:00
Ubuntu Update for icu USN-2522-3
2015-03-11 00:00:00
Debian Security Advisory DSA 3187-1 (icu - security update)
2015-03-15 00:00:00
ubuntu
ubuntu
ICU regression
2015-03-06 00:00:00
ICU vulnerabilities
2015-03-10 00:00:00
ICU vulnerabilities
2015-03-05 00:00:00
debian
debian
[SECURITY] [DLA 219-1] icu security update
2015-05-14 09:45:27
[SECURITY] [DSA 3187-1] icu security update
2015-03-15 05:02:23
[SECURITY] [DSA 3187-1] icu security update
2015-03-15 05:02:23
osv
osv
icu - security update
2015-03-15 00:00:00
icu - security update
2015-05-14 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: icu-54.1-5.fc23
2015-09-24 05:27:12
[SECURITY] Fedora 22 Update: icu-54.1-4.fc22
2015-10-13 17:07:12
[SECURITY] Fedora 21 Update: icu-52.1-6.fc21
2015-04-28 12:58:53
gentoo
gentoo
ICU: Multiple Vulnerabilities
2015-03-14 00:00:00
mageia
mageia
Updated icu packages fix security vulnerabilities
2015-01-31 16:23:52
Updated icu packages fix security vulnerability
2015-03-10 19:48:25
cve
cve
CVE-2014-9654
2017-04-24 06:59:00
CVE-2013-2383
2013-04-17 18:55:00
CVE-2013-2384
2013-04-17 18:55:00
debiancve
debiancve
CVE-2014-9654
2017-04-24 06:59:00
CVE-2013-2384
2013-04-17 18:55:00
CVE-2013-2383
2013-04-17 18:55:00
prion
prion
Memory corruption
2017-04-24 06:59:00
Design/Logic Flaw
2013-04-17 18:55:00
Design/Logic Flaw
2013-04-17 18:55:00
ubuntucve
ubuntucve
CVE-2014-9654
2015-02-05 00:00:00
CVE-2013-2383
2013-04-17 00:00:00
CVE-2013-2384
2013-04-17 00:00:00
veracode
veracode
Information Disclosure
2019-01-15 09:04:21
Information Disclosure
2019-05-02 05:07:16
Improper Access Control
2019-05-02 04:44:36
ibm
ibm
Security Bulletin: TADDM is vulnerable to a denial of service due to vulnerabilities in ICU4J Library
2023-04-26 14:21:56
Security Bulletin: A vulnerability in icu affects IBM Flex System Manager (FSM) (CVE-2014-9654)
2018-06-18 01:30:48
Security Bulletin: Vulnerability in icu affects IBM Flex System Chassis Management Module (CVE-2014-9654)
2019-01-31 02:25:02
seebug
seebug
Java Web Start Launcher ActiveX Control - Memory Corruption
2014-07-01 00:00:00
exploitpack
exploitpack
Java Web Start Launcher ActiveX Control - Memory Corruption
2013-04-18 00:00:00
zdt
zdt
Java Web Start Launcher ActiveX Control - Memory Corruption
2013-04-18 00:00:00
suse
suse
Security update for Java 1.4.2 (important)
2013-06-10 18:09:23
Security update for java-1_6_0-openjdk (important)
2013-05-21 20:04:20
zdi
zdi
Oracle Java mort TTF Table Remote Code Execution Vulnerability
2013-05-10 00:00:00
Oracle Java GSUB TTF Table LookupCount Remote Code Execution Vulnerability
2013-05-10 00:00:00
Oracle Java mort TTF Table Ligature Substitution Remote Code Execution Vulnerability
2013-05-10 00:00:00
redhat
redhat
(RHSA-2013:0855) Important: java-1.5.0-ibm security update
2013-05-22 00:00:00
(RHSA-2015:0136) Important: java-1.5.0-ibm security update
2015-02-05 00:00:00
(RHSA-2013:0770) Important: java-1.6.0-openjdk security update
2013-04-24 00:00:00
packetstorm
packetstorm
Java Web Start Launcher Memory Corruption
2013-04-17 00:00:00
exploitdb
exploitdb
Java Web Start Launcher ActiveX Control - Memory Corruption
2013-04-18 00:00:00
centos
centos
java security update
2013-04-24 20:56:24
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-04-24 00:00:00
amazon
amazon
Important: java-1.6.0-openjdk
2013-04-25 20:40:00
JSON
Related for DEBIAN_DSA-3187.NASL
nessus44securityvulns4openvas55ubuntu4debian3osv2fedora17gentoo1mageia2cve10debiancve10prion10ubuntucve10veracode6ibm5seebug1exploitpack1zdt1suse2zdi3redhat3packetstorm1exploitdb1centos1oraclelinux1amazon1