[ MDVSA-2008:026 ] - Updated icu packages fix vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2008:026
http://www.mandriva.com/security/
_______________________________________________________________________
Package : icu
Date : January 25, 2008
Affected: 2008.0
_______________________________________________________________________
Problem Description:
Will Drewry reported multiple flaws in how libicu processed certain
malformed regular expressions. If an application linked against
libicu, such as OpenOffice.org, processed a carefully-crafted regular
expression, it could potentially cause the execution of arbitrary
code with the privileges of the user running the application.
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
7be8d05368f1df77edc94bb834c714cd 2008.0/i586/icu-3.6-4.1mdv2008.0.i586.rpm
ef3398e874daf8e90a2ba7ac7905ee0c 2008.0/i586/icu-doc-3.6-4.1mdv2008.0.i586.rpm
119907c5156b986a7416e5bd408d671a
2008.0/i586/libicu-devel-3.6-4.1mdv2008.0.i586.rpm
5838818d204a452c9017212829c4028d
2008.0/i586/libicu36-3.6-4.1mdv2008.0.i586.rpm
01bf753e38adbdefc214f39ddc075fea 2008.0/SRPMS/icu-3.6-4.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
b95b013d629d556d89e6330407111615 2008.0/x86_64/icu-3.6-4.1mdv2008.0.x86_64.rpm
169020a3e5467ac5d0f63b7224fe9e38
2008.0/x86_64/icu-doc-3.6-4.1mdv2008.0.x86_64.rpm
896c989a753a991b0aa4f41b3ca35b30
2008.0/x86_64/lib64icu-devel-3.6-4.1mdv2008.0.x86_64.rpm
8fb71c76ca95a77d7a37602a29e044e6
2008.0/x86_64/lib64icu36-3.6-4.1mdv2008.0.x86_64.rpm
01bf753e38adbdefc214f39ddc075fea 2008.0/SRPMS/icu-3.6-4.1mdv2008.0.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (GNU/Linux)
iD8DBQFHmhvYmqjQ0CJFipgRAm6IAKClD/9ulGmbk7Z7SayIH+BN4/pyIQCfQ+nh
tlWhEvXlMHpfARRF8T+62F8=
=rEPU
-----END PGP SIGNATURE-----