Mandriva Linux Security Advisory : icu (MDVSA-2008:026)

High Nessus Plugin ID 37215


The remote Mandriva Linux host is missing one or more security updates.


Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application.

The updated packages have been patched to correct these issues.


Update the affected packages.

Plugin Details

Severity: High

ID: 37215

File Name: mandriva_MDVSA-2008-026.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2009/04/23

Modified: 2013/06/01

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:icu, p-cpe:/a:mandriva:linux:icu-doc, p-cpe:/a:mandriva:linux:lib64icu-devel, p-cpe:/a:mandriva:linux:lib64icu36, p-cpe:/a:mandriva:linux:libicu-devel, p-cpe:/a:mandriva:linux:libicu36, cpe:/o:mandriva:linux:2008.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2008/01/25

Reference Information

CVE: CVE-2007-4770, CVE-2007-4771

MDVSA: 2008:026

CWE: 399