You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa icu

Sigurnosni nedostatak programskog paketa icu

by ncert - 0

==========================================================================
Ubuntu Security Notice USN-3458-1
October 23, 2017

icu vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 17.10
– Ubuntu 17.04
– Ubuntu 16.04 LTS
– Ubuntu 14.04 LTS

Summary:

ICU could be made to crash or run arbitrary code as your login
if it received specially crafted input.

Software Description:
– icu: International Components for Unicode library

Details:

It was discovered that ICU incorrectly handled certain inputs. If an
application using ICU processed crafted data, a remote attacker could
possibly cause it to crash or potentially execute arbitrary code with
the privileges of the user invoking the program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 17.10:
  libicu57                        57.1-6ubuntu0.2

Ubuntu 17.04:
  libicu57                        57.1-5ubuntu0.2

Ubuntu 16.04 LTS:
  libicu55                        55.1-7ubuntu0.3

Ubuntu 14.04 LTS:
  libicu52                        52.1-3ubuntu0.7

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3458-1
  CVE-2017-14952

Package Information:
  https://launchpad.net/ubuntu/+source/icu/57.1-6ubuntu0.2
  https://launchpad.net/ubuntu/+source/icu/57.1-5ubuntu0.2
  https://launchpad.net/ubuntu/+source/icu/55.1-7ubuntu0.3
  https://launchpad.net/ubuntu/+source/icu/52.1-3ubuntu0.7
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJZ7ioIAAoJEEW851uECx9pOVcP/j4Y7ckogBD1tB4yuqTlRE6T
Wl8gQxTkdUbbWo2qvs1oznzRIMBj2qSfaPC/xf/DziVftqURZw3HDEA5+YWW5Lx/
S01i8ECecFxpzGn9DH/j2UQDt1EoC1iCDVwbQkglrML/dCYAIzVR/MMfJT86GZ+B
w9OB0Il706kHRTtW9Pd7To9PglpHTxtrU8ABXcu/IiabisgT+RId3ryR4Ux9gJU+
Z3akJF/dWAEnf8I2xytVplaes9bxt2z3ftOBpcWZYhV9RbCrwy0IkHPnG6AVfCHp
dlZJVgDPDSFCmdfu3tFL1ZtH0uJpPPwHqQEX4Ypy+T7+CMHZXeE1R5J6JPHyxn7m
M7aH8jwiv2w5JX8Y998DngFVB4WFHSU/S4yTKo7pGh/TVx+g+UR1UrO5IhQLiWIm
QAy0Sj2OU5aQB9ZcOx0h7INYMTMCObvxrrZ8Y1+BqiNTaQd/j4JkQDrcXunXZWU+
nuuUEmNsdBbEhxQ+T78vfgklh/+nIN03fLQXlup0MyoEccWVBmO4HaBP/HOb/sAj
apWqA/VE2AL8dIs7EgJcPr7U7mYyxCTj5V2kESv0Ts++aTahLHGJSbqbBeMWfQFT
LN/7ZVyecWqDDUGlIRstThfpIgjA1QfhOHZuikzawpfqDeSR0P+zGc0nAzpCijfa
1Rj/KN2kvgwhSNRWj7wp
=R2Ml
—–END PGP SIGNATURE—–

==========================================================================
Ubuntu Security Notice USN-3458-2
October 23, 2017

icu vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

– Ubuntu 12.04 ESM

Summary:

ICU could be made to crash or run arbitrary code as your login
if it received specially crafted input.

Software Description:
– icu: International Components for Unicode library

Details:

USN-3458-1 fixed a vulnerability in ICU. This update
provides the corresponding update for Ubuntu 12.04 ESM.

Original advisory details:

 It was discovered that ICU incorrectly handled certain inputs. If an
 application using ICU processed crafted data, a remote attacker could
 possibly cause it to crash or potentially execute arbitrary code with
 the privileges of the user invoking the program.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 12.04 ESM:
  lib32icu48                      4.8.1.1-3ubuntu0.9
  libicu48                        4.8.1.1-3ubuntu0.9

In general, a standard system update will make all the necessary
changes.

References:
  https://www.ubuntu.com/usn/usn-3458-2
  https://www.ubuntu.com/usn/usn-3458-1
  CVE-2017-14952
—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2

iQIcBAABCAAGBQJZ7ju8AAoJEEW851uECx9pwsoP/1LMXP2hdF2W2kwKuDwtTGqs
LXB+t/2kToOsrzfl8YZHP5U1LUHvks6FEnOHbxAPZlYPkgWMOV7MOIjnytaTB+Qh
IWGjRma0DowHgSC5Oe/tL4bAgwsgVnvSi5i1mv5P8jL5hLGPPAawj4U/hQ8nDvbv
tqRfXIy2rJPJ178aBAFSlccU8G66bOxzy5z3mPy1EZ0Ipgo4lgumdzLA/XNoyWgQ
YN0VuZzed4GGycTKYfpYS1Oe44Vd1aq3iDfAJuXzNdwTzNwQQwcCFdmlzuM9RbE4
2Cfy3AW+rU5f/YhUwDyrOJOCv7F5AWgGU1p7wr5pztCfyQeplyL87oQnV/HRAfoD
ZpBH7oUjSzab6k7kprDmDHkUVri/tNvHtrV+r5NkskvWNKTPj4dXbkYpXk29xQxp
8PFhuKSsRoYjhL01WiNuZS1PnTnn324yKHdot1cSDeJPA/IkZRjE6bVpTLTOL4lc
7XSbrumEYDlVPS5NxhJAeKgBYrXUhVUuA8hWw04fBj6fJqSy0kmyEhFjLRo1lPif
UbtTuUbjpDgS0LnjaslMlKTxxt3O4+vo997bycUfIugeD28g9Z5LHHIK+JoIFS8a
9SqM1h+VxxPTZSMzoEbY6Bp9wVVmX7sNjFdu6qrURWJKu8z8j4aunCn83GvbDldH
8uu5qU3+TLDnmZsF/Ggp
=VRKo
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Ranjivost Cisco AMP for Endpoints servisa

Otkrivena je ranjivost kod Cisco AMP for Endpoints zaštite za krajnje aplikacije. Otkrivena ranjivost omogućuje potencijalnom lokalnom autenticiranom napadaču da...

Close