Debian DSA-3187-1 : icu - security update

Critical Nessus Plugin ID 81831


The remote Debian host is missing a security-related update.


Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.

- CVE-2013-1569 Glyph table issue.

- CVE-2013-2383 Glyph table issue.

- CVE-2013-2384 Font layout issue.

- CVE-2013-2419 Font processing issue.

- CVE-2014-6585 Out-of-bounds read.

- CVE-2014-6591 Additional out-of-bounds reads.

- CVE-2014-7923 Memory corruption in regular expression comparison.

- CVE-2014-7926 Memory corruption in regular expression comparison.

- CVE-2014-7940 Uninitialized memory.

- CVE-2014-9654 More regular expression flaws.


Upgrade the icu packages.

For the stable distribution (wheezy), these problems have been fixed in version

For the upcoming stable (jessie) and unstable (sid) distributions, these problems have been fixed in version 52.1-7.1.

See Also

Plugin Details

Severity: Critical

ID: 81831

File Name: debian_DSA-3187.nasl

Version: 1.17

Type: local

Agent: unix

Published: 2015/03/17

Updated: 2020/03/12

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:icu, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/03/15

Reference Information

CVE: CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419, CVE-2014-6585, CVE-2014-6591, CVE-2014-7923, CVE-2014-7926, CVE-2014-7940, CVE-2014-9654

BID: 59131, 59166, 59179, 59190, 72173, 72175

DSA: 3187