Debian Security Advisory
DSA-3187-1 icu -- security update
- Date Reported:
- 15 Mar 2015
- Affected Packages:
- icu
- Vulnerable:
- Yes
- Security database references:
- In the Debian bugtracking system: Bug 775884, Bug 776264, Bug 776265, Bug 776719.
In Mitre's CVE dictionary: CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419, CVE-2014-6585, CVE-2014-6591, CVE-2014-7923, CVE-2014-7926, CVE-2014-7940, CVE-2014-9654. - More information:
-
Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.
- CVE-2013-1569
Glyph table issue.
- CVE-2013-2383
Glyph table issue.
- CVE-2013-2384
Font layout issue.
- CVE-2013-2419
Font processing issue.
- CVE-2014-6585
Out-of-bounds read.
- CVE-2014-6591
Additional out-of-bounds reads.
- CVE-2014-7923
Memory corruption in regular expression comparison.
- CVE-2014-7926
Memory corruption in regular expression comparison.
- CVE-2014-7940
Uninitialized memory.
- CVE-2014-9654
More regular expression flaws.
For the stable distribution (wheezy), these problems have been fixed in version 4.8.1.1-12+deb7u2.
For the upcoming stable (jessie) and unstable (sid) distributions, these problems have been fixed in version 52.1-7.1.
We recommend that you upgrade your icu packages.
- CVE-2013-1569