- Detalji os-a: WN7
- Važnost: IMP
- Operativni sustavi: L
- Kategorije: LUB
==========================================================================
Ubuntu Security Notice USN-3458-1
October 23, 2017
icu vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS
Summary:
ICU could be made to crash or run arbitrary code as your login
if it received specially crafted input.
Software Description:
– icu: International Components for Unicode library
Details:
It was discovered that ICU incorrectly handled certain inputs. If an
application using ICU processed crafted data, a remote attacker could
possibly cause it to crash or potentially execute arbitrary code with
the privileges of the user invoking the program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 17.10:
libicu57 57.1-6ubuntu0.2
Ubuntu 17.04:
libicu57 57.1-5ubuntu0.2
Ubuntu 16.04 LTS:
libicu55 55.1-7ubuntu0.3
Ubuntu 14.04 LTS:
libicu52 52.1-3ubuntu0.7
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3458-1
CVE-2017-14952
Package Information:
https://launchpad.net/ubuntu/+source/icu/57.1-6ubuntu0.2
https://launchpad.net/ubuntu/+source/icu/57.1-5ubuntu0.2
https://launchpad.net/ubuntu/+source/icu/55.1-7ubuntu0.3
https://launchpad.net/ubuntu/+source/icu/52.1-3ubuntu0.7
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJZ7ioIAAoJEEW851uECx9pOVcP/j4Y7ckogBD1tB4yuqTlRE6T
Wl8gQxTkdUbbWo2qvs1oznzRIMBj2qSfaPC/xf/DziVftqURZw3HDEA5+YWW5Lx/
S01i8ECecFxpzGn9DH/j2UQDt1EoC1iCDVwbQkglrML/dCYAIzVR/MMfJT86GZ+B
w9OB0Il706kHRTtW9Pd7To9PglpHTxtrU8ABXcu/IiabisgT+RId3ryR4Ux9gJU+
Z3akJF/dWAEnf8I2xytVplaes9bxt2z3ftOBpcWZYhV9RbCrwy0IkHPnG6AVfCHp
dlZJVgDPDSFCmdfu3tFL1ZtH0uJpPPwHqQEX4Ypy+T7+CMHZXeE1R5J6JPHyxn7m
M7aH8jwiv2w5JX8Y998DngFVB4WFHSU/S4yTKo7pGh/TVx+g+UR1UrO5IhQLiWIm
QAy0Sj2OU5aQB9ZcOx0h7INYMTMCObvxrrZ8Y1+BqiNTaQd/j4JkQDrcXunXZWU+
nuuUEmNsdBbEhxQ+T78vfgklh/+nIN03fLQXlup0MyoEccWVBmO4HaBP/HOb/sAj
apWqA/VE2AL8dIs7EgJcPr7U7mYyxCTj5V2kESv0Ts++aTahLHGJSbqbBeMWfQFT
LN/7ZVyecWqDDUGlIRstThfpIgjA1QfhOHZuikzawpfqDeSR0P+zGc0nAzpCijfa
1Rj/KN2kvgwhSNRWj7wp
=R2Ml
—–END PGP SIGNATURE—–
—
==========================================================================
Ubuntu Security Notice USN-3458-2
October 23, 2017
icu vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 12.04 ESM
Summary:
ICU could be made to crash or run arbitrary code as your login
if it received specially crafted input.
Software Description:
– icu: International Components for Unicode library
Details:
USN-3458-1 fixed a vulnerability in ICU. This update
provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that ICU incorrectly handled certain inputs. If an
application using ICU processed crafted data, a remote attacker could
possibly cause it to crash or potentially execute arbitrary code with
the privileges of the user invoking the program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 12.04 ESM:
lib32icu48 4.8.1.1-3ubuntu0.9
libicu48 4.8.1.1-3ubuntu0.9
In general, a standard system update will make all the necessary
changes.
References:
https://www.ubuntu.com/usn/usn-3458-2
https://www.ubuntu.com/usn/usn-3458-1
CVE-2017-14952
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2
iQIcBAABCAAGBQJZ7ju8AAoJEEW851uECx9pwsoP/1LMXP2hdF2W2kwKuDwtTGqs
LXB+t/2kToOsrzfl8YZHP5U1LUHvks6FEnOHbxAPZlYPkgWMOV7MOIjnytaTB+Qh
IWGjRma0DowHgSC5Oe/tL4bAgwsgVnvSi5i1mv5P8jL5hLGPPAawj4U/hQ8nDvbv
tqRfXIy2rJPJ178aBAFSlccU8G66bOxzy5z3mPy1EZ0Ipgo4lgumdzLA/XNoyWgQ
YN0VuZzed4GGycTKYfpYS1Oe44Vd1aq3iDfAJuXzNdwTzNwQQwcCFdmlzuM9RbE4
2Cfy3AW+rU5f/YhUwDyrOJOCv7F5AWgGU1p7wr5pztCfyQeplyL87oQnV/HRAfoD
ZpBH7oUjSzab6k7kprDmDHkUVri/tNvHtrV+r5NkskvWNKTPj4dXbkYpXk29xQxp
8PFhuKSsRoYjhL01WiNuZS1PnTnn324yKHdot1cSDeJPA/IkZRjE6bVpTLTOL4lc
7XSbrumEYDlVPS5NxhJAeKgBYrXUhVUuA8hWw04fBj6fJqSy0kmyEhFjLRo1lPif
UbtTuUbjpDgS0LnjaslMlKTxxt3O4+vo997bycUfIugeD28g9Z5LHHIK+JoIFS8a
9SqM1h+VxxPTZSMzoEbY6Bp9wVVmX7sNjFdu6qrURWJKu8z8j4aunCn83GvbDldH
8uu5qU3+TLDnmZsF/Ggp
=VRKo
—–END PGP SIGNATURE—–
—
| Autor | Danijel Kozinovic |
| Cert id | NCERT-REF-2017-10-0025-ADV |
| Cve | CERT-CVE-DUMMY |
| ID izvornika | CERT-ORIGID-DUMMY |
| Proizvod | CERT-DUMMY-PRODUCT |
| Izvor | http://www.adobe.com/ |
