Mandriva Linux Security Advisory : icu (MDVSA-2008:026)

Severity: High, Nessus Plugin ID: 37215

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application.

The updated packages have been patched to correct these issues.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 37215

File Name: mandriva_MDVSA-2008-026.nasl

Version: 1.14

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:icu, p-cpe:/a:mandriva:linux:icu-doc, p-cpe:/a:mandriva:linux:lib64icu-devel, p-cpe:/a:mandriva:linux:lib64icu36, p-cpe:/a:mandriva:linux:libicu-devel, p-cpe:/a:mandriva:linux:libicu36, cpe:/o:mandriva:linux:2008.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 1/25/2008

Reference Information

CVE: CVE-2007-4770, CVE-2007-4771

CWE: 399

MDVSA: 2008:026