|
|
| Problem Description |
Will Drewry reported multiple flaws in how libicu processed certain
malformed regular expressions. If an application linked against
libicu, such as OpenOffice.org, processed a carefully-crafted regular
expression, it could potentially cause the execution of arbitrary
code with the privileges of the user running the application.
The updated packages have been patched to correct these issues.
| Updated Packages |
Mandriva Linux 2008.0
7be8d05368f1df77edc94bb834c714cd 2008.0/i586/icu-3.6-4.1mdv2008.0.i586.rpm ef3398e874daf8e90a2ba7ac7905ee0c 2008.0/i586/icu-doc-3.6-4.1mdv2008.0.i586.rpm 119907c5156b986a7416e5bd408d671a 2008.0/i586/libicu-devel-3.6-4.1mdv2008.0.i586.rpm 5838818d204a452c9017212829c4028d 2008.0/i586/libicu36-3.6-4.1mdv2008.0.i586.rpm 01bf753e38adbdefc214f39ddc075fea 2008.0/SRPMS/icu-3.6-4.1mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64
b95b013d629d556d89e6330407111615 2008.0/x86_64/icu-3.6-4.1mdv2008.0.x86_64.rpm 169020a3e5467ac5d0f63b7224fe9e38 2008.0/x86_64/icu-doc-3.6-4.1mdv2008.0.x86_64.rpm 896c989a753a991b0aa4f41b3ca35b30 2008.0/x86_64/lib64icu-devel-3.6-4.1mdv2008.0.x86_64.rpm 8fb71c76ca95a77d7a37602a29e044e6 2008.0/x86_64/lib64icu36-3.6-4.1mdv2008.0.x86_64.rpm 01bf753e38adbdefc214f39ddc075fea 2008.0/SRPMS/icu-3.6-4.1mdv2008.0.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.