==========================================================================
Ubuntu Security Notice USN-2605-1
May 11, 2015
icu vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
– Ubuntu 15.04
– Ubuntu 14.10
– Ubuntu 14.04 LTS
Summary:
ICU could be made to crash or run programs as your login if it processed
specially crafted data.
Software Description:
– icu: International Components for Unicode library
Details:
Pedro Ribeiro discovered that ICU incorrectly handled certain memory
operations when processing data. If an application using ICU processed
crafted data, an attacker could cause it to crash or potentially execute
arbitrary code with the privileges of the user invoking the program.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 15.04:
libicu52 52.1-8ubuntu0.1
Ubuntu 14.10:
libicu52 52.1-6ubuntu0.3
Ubuntu 14.04 LTS:
libicu52 52.1-3ubuntu0.3
In general, a standard system update will make all the necessary changes.
References:
http://www.ubuntu.com/usn/usn-2605-1
CVE-2014-8146, CVE-2014-8147
Package Information:
https://launchpad.net/ubuntu/+source/icu/52.1-8ubuntu0.1
https://launchpad.net/ubuntu/+source/icu/52.1-6ubuntu0.3
https://launchpad.net/ubuntu/+source/icu/52.1-3ubuntu0.3
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v1
iQIcBAEBCgAGBQJVUMZ4AAoJEGVp2FWnRL6TKhUP/36I0vETXk5TEsKK5a+Quwf9
boDP/HBe1hqtLzMXTKhvVwcy4XLmPDxLjGxMOTdR/peYySnoSdoD7tPJeHQpqipI
NY5L9xO1hFvvD3fKipLW0ypZ6Zj/OW/hPq0GHnGNCzKzc7mzMknDBe2W3elTZHec
dVRPTBFMJUExQDmrQ/JA/EjDa41Tx32Zyc2s41tHLqrru+sn8+VCwtjTGxCotQS2
i8U8u3ayc0n/hTSM9V8MbnOuqKeX8y1n6LCDpOng5gys+HbDmZ6V2hj0ZLJzaXTB
yzTWfxdtYc+UeaLbhHIvYhf1at9yFy4eiLDcYBE7YNKvco5b5Lj9rPFC1AoB75hn
ivFd23C6FUsq8O22ScmUQX/Fy0GsW5QwZK5ZAEfJtxgydRJgXF0PsVdUTJTHGWuL
Iw0zyZMavSCmYXhhqYjH4wbfHouAvhAm7rW9Z9qqFrunoVrzpRWipIMf/Axb6BWU
xn9lF7d1rsT0iLPR3d7GS5dQtoHLH6T2IVKd9IHAC5D0CfoRMpzUKOZuyKwYtseF
eP5wBUMlUd65iBmcqZPHslJT/pEG3pIkNFyyUvaKU6COTASeIPYykwJmidEVNFxU
EEP3KLjZ3IiMzXC0vUBbRnyuUF4fOFXO7yyTLergKTqR6UhqhGV6LJ49o8bDHvN/
RsHJrawulYOCEvktUvwM
=auLe
—–END PGP SIGNATURE—–
—