Summary
Ubuntu Update for Linux kernel vulnerabilities USN-591-1
Solution
Please Install the Updated Packages.
Insight
Will Drewry discovered that libicu did not properly handle '\0' when processing regular expressions. If an application linked against libicu processed a crafted regular expression, an attacker could execute arbitrary code with privileges of the user invoking the program.
(CVE-2007-4770)
Will Drewry discovered that libicu did not properly limit its backtracking stack size. If an application linked against libicu processed a crafted regular expression, an attacker could cause a denial of service via resource exhaustion. (CVE-2007-4771)
Affected
icu vulnerabilities on Ubuntu 6.06 LTS ,
Ubuntu 6.10 ,
Ubuntu 7.04 ,
Ubuntu 7.10
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-4770, CVE-2007-4771 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities