DebianDEBIAN:DLA-219-1:C7AC1[SECURITY] [DLA 219-1] icu security update
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
93.5%
Package : icu
Version : 4.4.1-8+squeeze3
CVE ID : CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419
CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926
CVE-2014-7940 CVE-2014-9654
Several vulnerabilities were discovered in the International Components
for Unicode (ICU) library:
CVE-2013-1569
Glyph table issue.
CVE-2013-2383
Glyph table issue.
CVE-2013-2384
Font layout issue.
CVE-2013-2419
Font processing issue.
CVE-2014-6585
Out-of-bounds read.
CVE-2014-6591
Additional out-of-bounds reads.
CVE-2014-7923
Memory corruption in regular expression comparison.
CVE-2014-7926
Memory corruption in regular expression comparison.
CVE-2014-7940
Uninitialized memory.
CVE-2014-9654
More regular expression flaws.
For Debian 6 “Squeeze”, these issues have been fixed in icu version
4.4.1-8+squeeze3.
Attachment:
signature.asc
Description: Digital signature
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 7 | kfreebsd-i386 | libicu-dev | < 4.8.1.1-12+deb7u2 | libicu-dev_4.8.1.1-12+deb7u2_kfreebsd-i386.deb |
| Debian | 7 | ia64 | libicu48 | < 4.8.1.1-12+deb7u2 | libicu48_4.8.1.1-12+deb7u2_ia64.deb |
| Debian | 7 | powerpc | libicu-dev | < 4.8.1.1-12+deb7u2 | libicu-dev_4.8.1.1-12+deb7u2_powerpc.deb |
| Debian | 7 | kfreebsd-i386 | libicu48-dbg | < 4.8.1.1-12+deb7u2 | libicu48-dbg_4.8.1.1-12+deb7u2_kfreebsd-i386.deb |
| Debian | 6 | amd64 | lib32icu-dev | < 4.4.1-8+squeeze3 | lib32icu-dev_4.4.1-8+squeeze3_amd64.deb |
| Debian | 7 | sparc | libicu48-dbg | < 4.8.1.1-12+deb7u2 | libicu48-dbg_4.8.1.1-12+deb7u2_sparc.deb |
| Debian | 7 | powerpc | libicu48-dbg | < 4.8.1.1-12+deb7u2 | libicu48-dbg_4.8.1.1-12+deb7u2_powerpc.deb |
| Debian | 7 | armhf | libicu48 | < 4.8.1.1-12+deb7u2 | libicu48_4.8.1.1-12+deb7u2_armhf.deb |
| Debian | 7 | amd64 | libicu48 | < 4.8.1.1-12+deb7u2 | libicu48_4.8.1.1-12+deb7u2_amd64.deb |
| Debian | 6 | i386 | libicu44-dbg | < 4.4.1-8+squeeze3 | libicu44-dbg_4.4.1-8+squeeze3_i386.deb |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
93.5%