Debian DSA-3187-1 : icu - security update

critical Nessus Plugin ID 81831


The remote Debian host is missing a security-related update.


Several vulnerabilities were discovered in the International Components for Unicode (ICU) library.

- CVE-2013-1569 Glyph table issue.

- CVE-2013-2383 Glyph table issue.

- CVE-2013-2384 Font layout issue.

- CVE-2013-2419 Font processing issue.

- CVE-2014-6585 Out-of-bounds read.

- CVE-2014-6591 Additional out-of-bounds reads.

- CVE-2014-7923 Memory corruption in regular expression comparison.

- CVE-2014-7926 Memory corruption in regular expression comparison.

- CVE-2014-7940 Uninitialized memory.

- CVE-2014-9654 More regular expression flaws.


Upgrade the icu packages.

For the stable distribution (wheezy), these problems have been fixed in version

For the upcoming stable (jessie) and unstable (sid) distributions, these problems have been fixed in version 52.1-7.1.

See Also

Plugin Details

Severity: Critical

ID: 81831

File Name: debian_DSA-3187.nasl

Version: 1.18

Type: local

Agent: unix

Published: 3/17/2015

Updated: 1/11/2021

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Nessus Agent

Risk Information


Risk Factor: High

Score: 7.5


Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:POC/RL:OF/RC:C


Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:icu, cpe:/o:debian:debian_linux:7.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/15/2015

Reference Information

CVE: CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419, CVE-2014-6585, CVE-2014-6591, CVE-2014-7923, CVE-2014-7926, CVE-2014-7940, CVE-2014-9654

BID: 59131, 59166, 59179, 59190, 72173, 72175

DSA: 3187