NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 2008-01

[ MDVSA-2008:026 ] - Updated icu packages fix vulnerabilities

securitymandriva.com
Date: Fri Jan 25 2008 - 14:27:29 CST

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:026
http://www.mandriva.com/security/
_______________________________________________________________________

Package : icu
Date : January 25, 2008
Affected: 2008.0
_______________________________________________________________________

Problem Description:

Will Drewry reported multiple flaws in how libicu processed certain
malformed regular expressions. If an application linked against
libicu, such as OpenOffice.org, processed a carefully-crafted regular
expression, it could potentially cause the execution of arbitrary
code with the privileges of the user running the application.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
7be8d05368f1df77edc94bb834c714cd 2008.0/i586/icu-3.6-4.1mdv2008.0.i586.rpm
ef3398e874daf8e90a2ba7ac7905ee0c 2008.0/i586/icu-doc-3.6-4.1mdv2008.0.i586.rpm
119907c5156b986a7416e5bd408d671a 2008.0/i586/libicu-devel-3.6-4.1mdv2008.0.i586.rpm
5838818d204a452c9017212829c4028d 2008.0/i586/libicu36-3.6-4.1mdv2008.0.i586.rpm
01bf753e38adbdefc214f39ddc075fea 2008.0/SRPMS/icu-3.6-4.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
b95b013d629d556d89e6330407111615 2008.0/x86_64/icu-3.6-4.1mdv2008.0.x86_64.rpm
169020a3e5467ac5d0f63b7224fe9e38 2008.0/x86_64/icu-doc-3.6-4.1mdv2008.0.x86_64.rpm
896c989a753a991b0aa4f41b3ca35b30 2008.0/x86_64/lib64icu-devel-3.6-4.1mdv2008.0.x86_64.rpm
8fb71c76ca95a77d7a37602a29e044e6 2008.0/x86_64/lib64icu36-3.6-4.1mdv2008.0.x86_64.rpm
01bf753e38adbdefc214f39ddc075fea 2008.0/SRPMS/icu-3.6-4.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHmhvYmqjQ0CJFipgRAm6IAKClD/9ulGmbk7Z7SayIH+BN4/pyIQCfQ+nh
tlWhEvXlMHpfARRF8T+62F8=
=rEPU
-----END PGP SIGNATURE-----

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]