lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1YX0gx-0005gh-Oy@alpha.psidef.org>
Date: Sun, 15 Mar 2015 01:02:23 -0400
From: Michael Gilbert <mgilbert@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3187-1] icu security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3187-1                   security@...ian.org
http://www.debian.org/security/                           Michael Gilbert
March 15, 2015                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icu
CVE ID         : CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419
                 CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926
                 CVE-2014-7940 CVE-2014-9654
Debian Bug     : 775884 776264 776265 776719

Several vulnerabilities were discovered in the International Components
for Unicode (ICU) library.

CVE-2013-1569

    Glyph table issue.

CVE-2013-2383

    Glyph table issue.

CVE-2013-2384

    Font layout issue.

CVE-2013-2419

    Font processing issue.

CVE-2014-6585

    Out-of-bounds read.

CVE-2014-6591

    Additional out-of-bounds reads.

CVE-2014-7923

    Memory corruption in regular expression comparison.

CVE-2014-7926

    Memory corruption in regular expression comparison.

CVE-2014-7940

    Uninitialized memory.

CVE-2014-9654

    More regular expression flaws.

For the stable distribution (wheezy), these problems have been fixed in
version 4.8.1.1-12+deb7u2.

For the upcoming stable (jessie) and unstable (sid) distributions, these
problems have been fixed in version 52.1-7.1.

We recommend that you upgrade your icu packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQQcBAEBCgAGBQJVBRIKAAoJELjWss0C1vRzffkf/3c3969L9aI5JN/9i+N8cT3a
1wdG7JnH5W990a9nt6zEfpgVT+tNIM0AW3Q7hY7P4ld9rQbht4qKZA2n739cqHiF
tpQwWWv+zPxwYYS9ZLKv36ptnnL4w9Te7IqHyxFkEijxyYO6zyWbxe/yrDIhRh4i
ayQ9RGpqWQk90A/CZCcJm+7DWJu67gU0RVaRVTzPsd1yXnLcpXkmcHJHyUDhHvOF
PhfDIsXdNCqxkt4o/rUkkWM+wU9wIFP1L356QCHU/wtUJjvdfd6bLJH4fbcgaW3f
tzzMRv1Vov78KRxZqdYK8EBJb1BELlHvjmTmkvPuXuflNJT9ioiEi+OM0it24GGI
8bl56KrPxkAlkkfKwJ/0ZKP1UJsHRjTvymV9LY1wNXUTl3TCDbccX4auFq8/r67G
ohI5nhgOT0IHs/hn105LfKAa6IEGa+QvdAto31SYHhqKONkYIUw2XzTXLMgZGLlY
u8QRi9IEd/lSK6M2gsWlGBB0zKZqymzyOOMJXEs/k+iwyenVp486/2Vv5xP3gX6B
Q4NSW6DWU9Ke5XpAT4OkeE0DDSkr6LjsFTRZEudcNHeOmPAuoD9n/mtZOdXcpBqD
3qe/EjqmPSjrKNonWcubeeSonCX8Svxd9nCwTxrKaXHjKanNqWkjulW9+a/86TWT
hDTrE8OIwAnv//kZc57ugNehEqEv9njlhFCI3UI4GFNyAyk7xkE6MDlQxWYqPwt7
ZTU8BFWwnF1wd1rAHijLZRvVCaOy279JrtoIKhfyPxicCZjlRUYDueu7cTe8hvrb
YBeKobGzKuj4qqatKeGfb6zZvmt+FjbS17Z17O7dtGmb9RKTpAbYoipr7kRVCJtX
5pSUpzKFYAnHZAd1B058IjY3Vv4EZE/ugn1InxtAjJ84WaIzGXMG96rWyEYyyNGx
1gi0rygt2Cx9I5akDvmDAnxr6U8VLS/LUQKHp6vR6RU0+VpGn0CkQSgwZK4viEmf
iBsCmHXbLp7K5hvdu3RXqDVjdEnnGP54NARu3u63E/HMs7VvXti0WFJqR1ZqnzIk
y2kcJufPtDFMeLhXAIygF9RgIB/0RgLXQCivwGKaZRiBCWhRgUcWppuJpRiCeXVn
5KsTBWAEn/eGPtut9hCy9wjxCqYYXb/2/jT0l2ZOBKWx7bWsARa0OUxXRFeSONIt
rcYAQHr4ta//pQVyi1wF15lTTLFMrhqKkwS7029deDSV7JuBX+hFObVWQT8c1zjq
UQC269Da7pnps39JWrwukdqKRxyA9/GkyUHtntwKB6dxdEJ8OGtt90V92dUzkHxb
262WsoTQXWX6HMxgp9BDz7TOnAB4BjG1ACKud9GYjp5m46wxgbt5MP5tgSGAm4E=
=4GJD
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ