News

=========================================================== Ubuntu Security Notice USN-591-1 March 24, 2008 icu vulnerabilities CVE-2007-4770, CVE-2007-4771 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libicu34 3.4.1a-1ubuntu1.6.06.1 Ubuntu 6.10: libicu34 3.4.1a-1ubuntu1.6.10.1 Ubuntu 7.04: libicu36 3.6-2ubuntu0.1 Ubuntu 7.10: libicu36 3.6-3ubuntu0.1 After a standard system upgrade you need to restart applications linked against libicu, such as OpenOffice.org, to effect the necessary changes. Details follow: Will Drewry discovered that libicu did not properly handle '\0' when processing regular expressions. If an application linked against libicu processed a crafted regular expression, an attacker could execute arbitrary code with privileges of the user invoking the program. (CVE-2007-4770) Will Drewry discovered that libicu did not properly limit its backtracking stack size. If an application linked against libicu processed a crafted regular expression, an attacker could cause a denial of service via resource exhaustion. (CVE-2007-4771)