From: Marc Deslauriers <marc.deslauriers@canonical.com>

Reply-To: Ubuntu Security <security@ubuntu.com>

To: "ubuntu-security-announce@lists.ubuntu.com"

<ubuntu-security-announce@lists.ubuntu.com>

Message-ID: <9f9783a7-db7a-4210-60bc-9da29ac58f06@canonical.com>

Subject: [USN-3274-1] ICU vulnerabilities



==========================================================================

Ubuntu Security Notice USN-3274-1

May 02, 2017



icu vulnerabilities

==========================================================================



A security issue affects these releases of Ubuntu and its derivatives:



- Ubuntu 17.04

- Ubuntu 16.10

- Ubuntu 16.04 LTS

- Ubuntu 14.04 LTS



Summary:



Several security issues were fixed in ICU.



Software Description:

- icu: International Components for Unicode library



Details:



It was discovered that ICU incorrectly handled certain memory operations

when processing data. If an application using ICU processed crafted data,

a remote attacker could possibly cause it to crash or potentially execute

arbitrary code with the privileges of the user invoking the program.



Update instructions:



The problem can be corrected by updating your system to the following

package versions:



Ubuntu 17.04:

libicu57 57.1-5ubuntu0.1



Ubuntu 16.10:

libicu57 57.1-4ubuntu0.2



Ubuntu 16.04 LTS:

libicu55 55.1-7ubuntu0.2



Ubuntu 14.04 LTS:

libicu52 52.1-3ubuntu0.6



In general, a standard system update will make all the necessary changes.



References:

http://www.ubuntu.com/usn/usn-3274-1

CVE-2017-7867, CVE-2017-7868



Package Information:

https://launchpad.net/ubuntu/+source/icu/57.1-5ubuntu0.1

https://launchpad.net/ubuntu/+source/icu/57.1-4ubuntu0.2

https://launchpad.net/ubuntu/+source/icu/55.1-7ubuntu0.2

https://launchpad.net/ubuntu/+source/icu/52.1-3ubuntu0.6







