Test ID:	1.3.6.1.4.1.25623.1.0.703187
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-3187-1)
Summary:	The remote host is missing an update for the Debian 'icu' package(s) announced via the DSA-3187-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'icu' package(s) announced via the DSA-3187-1 advisory. Vulnerability Insight: Several vulnerabilities were discovered in the International Components for Unicode (ICU) library. CVE-2013-1569 Glyph table issue. CVE-2013-2383 Glyph table issue. CVE-2013-2384 Font layout issue. CVE-2013-2419 Font processing issue. CVE-2014-6585 Out-of-bounds read. CVE-2014-6591 Additional out-of-bounds reads. CVE-2014-7923 Memory corruption in regular expression comparison. CVE-2014-7926 Memory corruption in regular expression comparison. CVE-2014-7940 Uninitialized memory. CVE-2014-9654 More regular expression flaws. For the stable distribution (wheezy), these problems have been fixed in version 4.8.1.1-12+deb7u2. For the upcoming stable (jessie) and unstable (sid) distributions, these problems have been fixed in version 52.1-7.1. We recommend that you upgrade your icu packages. Affected Software/OS: 'icu' package(s) on Debian 7. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1569 http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html BugTraq ID: 59166 http://www.securityfocus.com/bid/59166 Cert/CC Advisory: TA13-107A http://www.us-cert.gov/ncas/alerts/TA13-107A http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBUX02889 http://marc.info/?l=bugtraq&m=137283787217316&w=2 HPdes Security Advisory: HPSBUX02922 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 HPdes Security Advisory: SSRT101252 HPdes Security Advisory: SSRT101305 http://www.mandriva.com/security/advisories?name=MDVSA-2013:145 http://www.mandriva.com/security/advisories?name=MDVSA-2013:161 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7 https://bugzilla.redhat.com/show_bug.cgi?id=952711 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16697 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19327 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19556 RedHat Security Advisories: RHSA-2013:0752 http://rhn.redhat.com/errata/RHSA-2013-0752.html RedHat Security Advisories: RHSA-2013:0757 http://rhn.redhat.com/errata/RHSA-2013-0757.html RedHat Security Advisories: RHSA-2013:0758 http://rhn.redhat.com/errata/RHSA-2013-0758.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html RedHat Security Advisories: RHSA-2013:1456 http://rhn.redhat.com/errata/RHSA-2013-1456.html SuSE Security Announcement: SUSE-SU-2013:0814 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html SuSE Security Announcement: SUSE-SU-2013:0835 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html SuSE Security Announcement: SUSE-SU-2013:0871 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html SuSE Security Announcement: SUSE-SU-2013:0934 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html SuSE Security Announcement: openSUSE-SU-2013:0777 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html SuSE Security Announcement: openSUSE-SU-2013:0964 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html http://www.ubuntu.com/usn/USN-1806-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-2383 BugTraq ID: 59190 http://www.securityfocus.com/bid/59190 https://bugzilla.redhat.com/show_bug.cgi?id=952708 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16564 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19291 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19725 Common Vulnerability Exposure (CVE) ID: CVE-2013-2384 BugTraq ID: 59179 http://www.securityfocus.com/bid/59179 https://bugzilla.redhat.com/show_bug.cgi?id=952709 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16549 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19341 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19549 Common Vulnerability Exposure (CVE) ID: CVE-2013-2419 BugTraq ID: 59131 http://www.securityfocus.com/bid/59131 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16527 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19386 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19526 Common Vulnerability Exposure (CVE) ID: CVE-2014-6585 BugTraq ID: 72173 http://www.securityfocus.com/bid/72173 Debian Security Information: DSA-3144 (Google Search) http://www.debian.org/security/2015/dsa-3144 Debian Security Information: DSA-3147 (Google Search) http://www.debian.org/security/2015/dsa-3147 Debian Security Information: DSA-3323 (Google Search) http://www.debian.org/security/2015/dsa-3323 https://security.gentoo.org/glsa/201507-14 https://security.gentoo.org/glsa/201603-14 HPdes Security Advisory: HPSBUX03273 http://marc.info/?l=bugtraq&m=142496355704097&w=2 HPdes Security Advisory: HPSBUX03281 http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 HPdes Security Advisory: SSRT101951 HPdes Security Advisory: SSRT101968 http://marc.info/?l=bugtraq&m=142607790919348&w=2 RedHat Security Advisories: RHSA-2015:0068 http://rhn.redhat.com/errata/RHSA-2015-0068.html RedHat Security Advisories: RHSA-2015:0079 http://rhn.redhat.com/errata/RHSA-2015-0079.html RedHat Security Advisories: RHSA-2015:0080 http://rhn.redhat.com/errata/RHSA-2015-0080.html RedHat Security Advisories: RHSA-2015:0085 http://rhn.redhat.com/errata/RHSA-2015-0085.html RedHat Security Advisories: RHSA-2015:0086 http://rhn.redhat.com/errata/RHSA-2015-0086.html RedHat Security Advisories: RHSA-2015:0136 http://rhn.redhat.com/errata/RHSA-2015-0136.html RedHat Security Advisories: RHSA-2015:0264 http://rhn.redhat.com/errata/RHSA-2015-0264.html http://www.securitytracker.com/id/1031580 SuSE Security Announcement: SUSE-SU-2015:0336 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html SuSE Security Announcement: SUSE-SU-2015:0503 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html SuSE Security Announcement: openSUSE-SU-2015:0190 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html http://www.ubuntu.com/usn/USN-2486-1 http://www.ubuntu.com/usn/USN-2487-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-6591 BugTraq ID: 72175 http://www.securityfocus.com/bid/72175 Common Vulnerability Exposure (CVE) ID: CVE-2014-7923 BugTraq ID: 72288 http://www.securityfocus.com/bid/72288 http://security.gentoo.org/glsa/glsa-201502-13.xml https://security.gentoo.org/glsa/201503-06 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html RedHat Security Advisories: RHSA-2015:0093 http://rhn.redhat.com/errata/RHSA-2015-0093.html http://www.securitytracker.com/id/1031623 http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 SuSE Security Announcement: openSUSE-SU-2015:0441 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://www.ubuntu.com/usn/USN-2476-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7926 Common Vulnerability Exposure (CVE) ID: CVE-2014-7940 Common Vulnerability Exposure (CVE) ID: CVE-2014-9654 1035410 http://www.securitytracker.com/id/1035410 GLSA-201503-06 [oss-security] 20150205 Re: CVE request - ICU http://openwall.com/lists/oss-security/2015/02/05/15 http://bugs.icu-project.org/trac/changeset/36801 http://bugs.icu-project.org/trac/ticket/11371 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5 https://code.google.com/p/chromium/issues/detail?id=432209
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.