exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Debian Linux Security Advisory 1511-1

Debian Linux Security Advisory 1511-1
Posted Mar 3, 2008
Authored by Debian | Site debian.org

Debian Security Advisory 1511-1 - libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. A heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack.

tags | advisory, denial of service, overflow
systems | linux, debian
advisories | CVE-2007-4770, CVE-2007-4771
SHA-256 | 140c09e90595d14615d4bf880f781588fb7701045a1ed81c3c493c98a2ec1c87

Debian Linux Security Advisory 1511-1

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------
Debian Security Advisory DSA-1511-1 security@debian.org
http://www.debian.org/security/ Steve Kemp
March 03, 2008 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : libicu
Vulnerability : various
Problem type : local
Debian-specific: no
CVE Id(s) : 2007-4770 2007-4771
Debian Bug : 463688

Several local vulnerabilities have been discovered in libicu,
International Components for Unicode, The Common Vulnerabilities and
Exposures project identifies the following problems:

CVE-2007-4770
libicu in International Components for Unicode (ICU) 3.8.1 and earlier
attempts to process backreferences to the nonexistent capture group
zero (aka \0), which might allow context-dependent attackers to read
from, or write to, out-of-bounds memory locations, related to
corruption of REStackFrames.

CVE-2007-4771
Heap-based buffer overflow in the doInterval function in regexcmp.cpp
in libicu in International Components for Unicode (ICU) 3.8.1 and
earlier allows context-dependent attackers to cause a denial of
service (memory consumption) and possibly have unspecified other
impact via a regular expression that writes a large amount of data to
the backtracking stack.

For the stable distribution (etch), these problems have been fixed in
version 3.6-2etch1.

For the unstable distribution (sid), these problems have been fixed in
version 3.8-6.

We recommend that you upgrade your libicu package.


Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Source archives:

http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
Size/MD5 checksum: 9778863 0f1bda1992b4adca62da68a7ad79d830
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch1.dsc
Size/MD5 checksum: 591 13dcea6b1c9a282147b99c4867db6ee8
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch1.diff.gz
Size/MD5 checksum: 9552 82e560098b24b245872b163a522a80b8

Architecture independent packages:

http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch1_all.deb
Size/MD5 checksum: 3332194 5da76263265814905245b97daec4c1c3

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_alpha.deb
Size/MD5 checksum: 7028746 b6b13d0fa262501923c97a859b400d10
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_alpha.deb
Size/MD5 checksum: 5581984 0cd37ce9f234b9207accc424dc191f49

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_amd64.deb
Size/MD5 checksum: 6585582 9fe0ee74625a985628c9af096dd13827
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_amd64.deb
Size/MD5 checksum: 5444228 250851db4a613e9a5d0029d73c1196c0

arm architecture (ARM)

http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_arm.deb
Size/MD5 checksum: 6631114 a73ff442415ca3bc336f1fb49e3aa701
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_arm.deb
Size/MD5 checksum: 5458358 c6d533fd7c1c51efbac58d2a96a386fb

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_hppa.deb
Size/MD5 checksum: 7090294 aadca0bc8fb9307ea7fe293406a10e5f
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_hppa.deb
Size/MD5 checksum: 5909956 07bd8e6c733072fca8b96cc10e210a68

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_i386.deb
Size/MD5 checksum: 5468656 532aa02d6d67d4b6527ac8c29c9d110e
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_i386.deb
Size/MD5 checksum: 6465540 bfd4d908b552bba2d871771f86369ec7

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_ia64.deb
Size/MD5 checksum: 7238880 10b410fcd460e47c3619de88167b74f5
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_ia64.deb
Size/MD5 checksum: 5865536 dbc0ec913f08682cec4f1b75d35e0531

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_mips.deb
Size/MD5 checksum: 7047506 c0b327e8229d1d4d33131453cdac6508
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_mips.deb
Size/MD5 checksum: 5748172 126a2f0bb4b61cc54d70edb882191576

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_powerpc.deb
Size/MD5 checksum: 5747754 8bc631ad394a86e11c24c5b9ffd76f1d
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_powerpc.deb
Size/MD5 checksum: 6888906 c5542d6d957327fd6f540029f4195772

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_s390.deb
Size/MD5 checksum: 5776762 16a114247a39201f3966ff4f22b80342
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_s390.deb
Size/MD5 checksum: 6895102 15624240d20d2e0aa7a29bbc90895908

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch1_sparc.deb
Size/MD5 checksum: 5671256 2c7a50b1fe50dbe4b3ef8995d91e5946
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch1_sparc.deb
Size/MD5 checksum: 6771832 84a95a10934106c8cfc409032191de98


These files will probably be moved into the stable distribution on
its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFHzGoFwM/Gs81MDZ0RApgrAJ9Jd4cpLRAJ7WTQAnnpd8d4K3/mvwCeNusV
OLKQ6zeO2ePgNnldMI08TRU=
=ay/5
-----END PGP SIGNATURE-----
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    18 Files
  • 19
    Nov 19th
    7 Files
  • 20
    Nov 20th
    13 Files
  • 21
    Nov 21st
    6 Files
  • 22
    Nov 22nd
    48 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    60 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    44 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close