-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2008:026 http://www.mandriva.com/security/ _______________________________________________________________________ Package : icu Date : January 25, 2008 Affected: 2008.0 _______________________________________________________________________ Problem Description: Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application. The updated packages have been patched to correct these issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4770 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4771 _______________________________________________________________________ Updated Packages: Mandriva Linux 2008.0: 7be8d05368f1df77edc94bb834c714cd 2008.0/i586/icu-3.6-4.1mdv2008.0.i586.rpm ef3398e874daf8e90a2ba7ac7905ee0c 2008.0/i586/icu-doc-3.6-4.1mdv2008.0.i586.rpm 119907c5156b986a7416e5bd408d671a 2008.0/i586/libicu-devel-3.6-4.1mdv2008.0.i586.rpm 5838818d204a452c9017212829c4028d 2008.0/i586/libicu36-3.6-4.1mdv2008.0.i586.rpm 01bf753e38adbdefc214f39ddc075fea 2008.0/SRPMS/icu-3.6-4.1mdv2008.0.src.rpm Mandriva Linux 2008.0/X86_64: b95b013d629d556d89e6330407111615 2008.0/x86_64/icu-3.6-4.1mdv2008.0.x86_64.rpm 169020a3e5467ac5d0f63b7224fe9e38 2008.0/x86_64/icu-doc-3.6-4.1mdv2008.0.x86_64.rpm 896c989a753a991b0aa4f41b3ca35b30 2008.0/x86_64/lib64icu-devel-3.6-4.1mdv2008.0.x86_64.rpm 8fb71c76ca95a77d7a37602a29e044e6 2008.0/x86_64/lib64icu36-3.6-4.1mdv2008.0.x86_64.rpm 01bf753e38adbdefc214f39ddc075fea 2008.0/SRPMS/icu-3.6-4.1mdv2008.0.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/security/advisories If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (GNU/Linux) iD8DBQFHmhvYmqjQ0CJFipgRAm6IAKClD/9ulGmbk7Z7SayIH+BN4/pyIQCfQ+nh tlWhEvXlMHpfARRF8T+62F8= =rEPU -----END PGP SIGNATURE-----