{"id":35913,"date":"2020-03-17T21:54:42","date_gmt":"2020-03-17T12:54:42","guid":{"rendered":"https:\/\/jirak.net\/wp\/usn-4305-1-icu-vulnerability\/"},"modified":"2020-03-18T00:34:19","modified_gmt":"2020-03-17T15:34:19","slug":"usn-4305-1-icu-vulnerability","status":"publish","type":"post","link":"https:\/\/jirak.net\/wp\/usn-4305-1-icu-vulnerability\/","title":{"rendered":"USN-4305-1: ICU vulnerability"},"content":{"rendered":"<p>USN-4305-1: ICU vulnerability<\/p>\n<h2 id=\"icu-vulnerability\">icu vulnerability<\/h2>\n<p>A security issue affects these releases of Ubuntu and its derivatives:<\/p>\n<ul>\n<li>Ubuntu 19.10<\/li>\n<li>Ubuntu 18.04 LTS<\/li>\n<li>Ubuntu 16.04 LTS<\/li>\n<li>Ubuntu 14.04 ESM<\/li>\n<li>Ubuntu 12.04 ESM<\/li>\n<\/ul>\n<h3 id=\"summary\">Summary<\/h3>\n<p>ICU could be made to execute arbitrary code if it received a specially crafted<br \/>\nstring.<\/p>\n<h3 id=\"software-description\">Software Description<\/h3>\n<ul>\n<li>icu &#8211; International Components for Unicode library<\/li>\n<\/ul>\n<h3 id=\"details\">Details<\/h3>\n<p>Andr\u00e9 Bargull discovered that ICU incorrectly handled certain strings.<br \/>\nAn attacker could possibly use this issue to execute arbitrary code.<\/p>\n<h2 id=\"update-instructions\">Update instructions<\/h2>\n<p>The problem can be corrected by updating your system to the following package versions:<\/p>\n<dl>\n<dt>Ubuntu 19.10<\/dt>\n<dd><a href=\"https:\/\/launchpad.net\/ubuntu\/+source\/icu\">libicu63<\/a> &#8211; <a href=\"https:\/\/launchpad.net\/ubuntu\/+source\/icu\/63.2-2ubuntu0.1\">63.2-2ubuntu0.1<\/a><\/dd>\n<dt>Ubuntu 18.04 LTS<\/dt>\n<dd><a href=\"https:\/\/launchpad.net\/ubuntu\/+source\/icu\">libicu60<\/a> &#8211; <a href=\"https:\/\/launchpad.net\/ubuntu\/+source\/icu\/60.2-3ubuntu3.1\">60.2-3ubuntu3.1<\/a><\/dd>\n<dt>Ubuntu 16.04 LTS<\/dt>\n<dd><a href=\"https:\/\/launchpad.net\/ubuntu\/+source\/icu\">libicu55<\/a> &#8211; <a 
href=\"https:\/\/launchpad.net\/ubuntu\/+source\/icu\/55.1-7ubuntu0.5\">55.1-7ubuntu0.5<\/a><\/dd>\n<dt>Ubuntu 14.04 ESM<\/dt>\n<dd>libicu52 &#8211; 52.1-3ubuntu0.8+esm1<\/dd>\n<dt>Ubuntu 12.04 ESM<\/dt>\n<dd>libicu48 &#8211; 4.8.1.1-3ubuntu0.10<\/dd>\n<\/dl>\n<p>To update your system, please follow these instructions: <a href=\"https:\/\/wiki.ubuntu.com\/Security\/Upgrades\">https:\/\/wiki.ubuntu.com\/Security\/Upgrades<\/a>.<\/p>\n<p>In general, a standard system update will make all the necessary changes.<\/p>\n<h2 id=\"references\">References<\/h2>\n<ul>\n<li><a href=\"https:\/\/people.canonical.com\/~ubuntu-security\/cve\/CVE-2020-10531\">CVE-2020-10531<\/a><\/li>\n<\/ul>\n<p>Source: <a href=\"https:\/\/usn.ubuntu.com\/4305-1\/\" target=\"_blank\" rel=\"noopener noreferrer\">USN-4305-1: ICU vulnerability<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[586],"tags":[587],"class_list":["post-35913","post","type-post","status-publish","format-standard","hentry","category-ubuntu-usn","tag-ubuntu-usn"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/35913","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=35913"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/35913\/revisions"}],"predecessor-version":[{"id":35914,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/35913\/revisions\/35914"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=35913"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=35913"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=35913"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}