Login
Newsletter
Werbung

Sicherheit: Zwei Probleme in icu
Aktuelle Meldungen Distributionen
Name: Zwei Probleme in icu
ID: MDVSA-2008:026
Distribution: Mandriva
Plattformen: Mandriva 2008.0
Datum: Fr, 25. Januar 2008, 21:31
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771
Applikationen: International Components for Unicode (C/C++)

Originalnachricht

This is a multi-part message in MIME format...

------------=_1201293065-4794-9189


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2008:026
http://www.mandriva.com/security/
_______________________________________________________________________

Package : icu
Date : January 25, 2008
Affected: 2008.0
_______________________________________________________________________

Problem Description:

Will Drewry reported multiple flaws in how libicu processed certain
malformed regular expressions. If an application linked against
libicu, such as OpenOffice.org, processed a carefully-crafted regular
expression, it could potentially cause the execution of arbitrary
code with the privileges of the user running the application.

The updated packages have been patched to correct these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2008.0:
7be8d05368f1df77edc94bb834c714cd 2008.0/i586/icu-3.6-4.1mdv2008.0.i586.rpm
ef3398e874daf8e90a2ba7ac7905ee0c
2008.0/i586/icu-doc-3.6-4.1mdv2008.0.i586.rpm
119907c5156b986a7416e5bd408d671a
2008.0/i586/libicu-devel-3.6-4.1mdv2008.0.i586.rpm
5838818d204a452c9017212829c4028d
2008.0/i586/libicu36-3.6-4.1mdv2008.0.i586.rpm
01bf753e38adbdefc214f39ddc075fea 2008.0/SRPMS/icu-3.6-4.1mdv2008.0.src.rpm

Mandriva Linux 2008.0/X86_64:
b95b013d629d556d89e6330407111615
2008.0/x86_64/icu-3.6-4.1mdv2008.0.x86_64.rpm
169020a3e5467ac5d0f63b7224fe9e38
2008.0/x86_64/icu-doc-3.6-4.1mdv2008.0.x86_64.rpm
896c989a753a991b0aa4f41b3ca35b30
2008.0/x86_64/lib64icu-devel-3.6-4.1mdv2008.0.x86_64.rpm
8fb71c76ca95a77d7a37602a29e044e6
2008.0/x86_64/lib64icu36-3.6-4.1mdv2008.0.x86_64.rpm
01bf753e38adbdefc214f39ddc075fea 2008.0/SRPMS/icu-3.6-4.1mdv2008.0.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)

iD8DBQFHmhvYmqjQ0CJFipgRAm6IAKClD/9ulGmbk7Z7SayIH+BN4/pyIQCfQ+nh
tlWhEvXlMHpfARRF8T+62F8=
=rEPU
-----END PGP SIGNATURE-----


------------=_1201293065-4794-9189
Content-Type: text/plain; name="message-footer.txt"
Content-Disposition: inline; filename="message-footer.txt"
Content-Transfer-Encoding: 8bit

To unsubscribe, send a email to sympa@mandrivalinux.org
with this subject : unsubscribe security-announce
_______________________________________________________
Want to buy your Pack or Services from Mandriva?
Go to http://www.mandrivastore.com
Join the Club : http://www.mandrivaclub.com
_______________________________________________________

------------=_1201293065-4794-9189--
Pro-Linux
Traut euch!
Neue Nachrichten
Werbung