Test ID:	1.3.6.1.4.1.25623.1.0.842117
Category:	Ubuntu Local Security Checks
Title:	Ubuntu: Security Advisory (USN-2522-1)
Summary:	The remote host is missing an update for the 'icu' package(s) announced via the USN-2522-1 advisory.
Description:	Summary: The remote host is missing an update for the 'icu' package(s) announced via the USN-2522-1 advisory. Vulnerability Insight: It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. This issue only affected Ubuntu 12.04 LTS. (CVE-2013-1569, CVE-2013-2383, CVE-2013-2384, CVE-2013-2419) It was discovered that ICU incorrectly handled memory operations when processing fonts. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-6585, CVE-2014-6591) It was discovered that ICU incorrectly handled memory operations when processing regular expressions. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7923, CVE-2014-7926, CVE-2014-9654) It was discovered that ICU collator implementation incorrectly handled memory operations. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7940) Affected Software/OS: 'icu' package(s) on Ubuntu 12.04, Ubuntu 14.04, Ubuntu 14.10. Solution: Please install the updated package(s). CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2013-1569 http://lists.apple.com/archives/security-announce/2013/Apr/msg00001.html BugTraq ID: 59166 http://www.securityfocus.com/bid/59166 Cert/CC Advisory: TA13-107A http://www.us-cert.gov/ncas/alerts/TA13-107A http://security.gentoo.org/glsa/glsa-201406-32.xml HPdes Security Advisory: HPSBUX02889 http://marc.info/?l=bugtraq&m=137283787217316&w=2 HPdes Security Advisory: HPSBUX02922 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03898880 HPdes Security Advisory: SSRT101252 HPdes Security Advisory: SSRT101305 http://www.mandriva.com/security/advisories?name=MDVSA-2013:145 http://www.mandriva.com/security/advisories?name=MDVSA-2013:161 http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7 https://bugzilla.redhat.com/show_bug.cgi?id=952711 http://mail.openjdk.java.net/pipermail/distro-pkg-dev/2013-April/022796.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16697 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19327 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19556 RedHat Security Advisories: RHSA-2013:0752 http://rhn.redhat.com/errata/RHSA-2013-0752.html RedHat Security Advisories: RHSA-2013:0757 http://rhn.redhat.com/errata/RHSA-2013-0757.html RedHat Security Advisories: RHSA-2013:0758 http://rhn.redhat.com/errata/RHSA-2013-0758.html RedHat Security Advisories: RHSA-2013:1455 http://rhn.redhat.com/errata/RHSA-2013-1455.html RedHat Security Advisories: RHSA-2013:1456 http://rhn.redhat.com/errata/RHSA-2013-1456.html SuSE Security Announcement: SUSE-SU-2013:0814 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00007.html SuSE Security Announcement: SUSE-SU-2013:0835 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00013.html SuSE Security Announcement: SUSE-SU-2013:0871 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00001.html SuSE Security Announcement: SUSE-SU-2013:0934 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00007.html SuSE Security Announcement: openSUSE-SU-2013:0777 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-05/msg00017.html SuSE Security Announcement: openSUSE-SU-2013:0964 (Google Search) http://lists.opensuse.org/opensuse-updates/2013-06/msg00099.html http://www.ubuntu.com/usn/USN-1806-1 Common Vulnerability Exposure (CVE) ID: CVE-2013-2383 BugTraq ID: 59190 http://www.securityfocus.com/bid/59190 https://bugzilla.redhat.com/show_bug.cgi?id=952708 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16564 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19291 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19725 Common Vulnerability Exposure (CVE) ID: CVE-2013-2384 BugTraq ID: 59179 http://www.securityfocus.com/bid/59179 https://bugzilla.redhat.com/show_bug.cgi?id=952709 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16549 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19341 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19549 Common Vulnerability Exposure (CVE) ID: CVE-2013-2419 BugTraq ID: 59131 http://www.securityfocus.com/bid/59131 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16527 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19386 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19526 Common Vulnerability Exposure (CVE) ID: CVE-2014-6585 BugTraq ID: 72173 http://www.securityfocus.com/bid/72173 Debian Security Information: DSA-3144 (Google Search) http://www.debian.org/security/2015/dsa-3144 Debian Security Information: DSA-3147 (Google Search) http://www.debian.org/security/2015/dsa-3147 Debian Security Information: DSA-3323 (Google Search) http://www.debian.org/security/2015/dsa-3323 https://security.gentoo.org/glsa/201507-14 https://security.gentoo.org/glsa/201603-14 HPdes Security Advisory: HPSBUX03273 http://marc.info/?l=bugtraq&m=142496355704097&w=2 HPdes Security Advisory: HPSBUX03281 http://h20564.www2.hp.com/hpsc/doc/public/display?docId=emr_na-c04583581 HPdes Security Advisory: SSRT101951 HPdes Security Advisory: SSRT101968 http://marc.info/?l=bugtraq&m=142607790919348&w=2 RedHat Security Advisories: RHSA-2015:0068 http://rhn.redhat.com/errata/RHSA-2015-0068.html RedHat Security Advisories: RHSA-2015:0079 http://rhn.redhat.com/errata/RHSA-2015-0079.html RedHat Security Advisories: RHSA-2015:0080 http://rhn.redhat.com/errata/RHSA-2015-0080.html RedHat Security Advisories: RHSA-2015:0085 http://rhn.redhat.com/errata/RHSA-2015-0085.html RedHat Security Advisories: RHSA-2015:0086 http://rhn.redhat.com/errata/RHSA-2015-0086.html RedHat Security Advisories: RHSA-2015:0136 http://rhn.redhat.com/errata/RHSA-2015-0136.html RedHat Security Advisories: RHSA-2015:0264 http://rhn.redhat.com/errata/RHSA-2015-0264.html http://www.securitytracker.com/id/1031580 SuSE Security Announcement: SUSE-SU-2015:0336 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00024.html SuSE Security Announcement: SUSE-SU-2015:0503 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00018.html SuSE Security Announcement: openSUSE-SU-2015:0190 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00001.html http://www.ubuntu.com/usn/USN-2486-1 http://www.ubuntu.com/usn/USN-2487-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-6591 BugTraq ID: 72175 http://www.securityfocus.com/bid/72175 Common Vulnerability Exposure (CVE) ID: CVE-2014-7923 BugTraq ID: 72288 http://www.securityfocus.com/bid/72288 http://security.gentoo.org/glsa/glsa-201502-13.xml https://security.gentoo.org/glsa/201503-06 https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html RedHat Security Advisories: RHSA-2015:0093 http://rhn.redhat.com/errata/RHSA-2015-0093.html http://www.securitytracker.com/id/1031623 http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 SuSE Security Announcement: openSUSE-SU-2015:0441 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://www.ubuntu.com/usn/USN-2476-1 Common Vulnerability Exposure (CVE) ID: CVE-2014-7926 Common Vulnerability Exposure (CVE) ID: CVE-2014-7940 Common Vulnerability Exposure (CVE) ID: CVE-2014-9654 1035410 http://www.securitytracker.com/id/1035410 GLSA-201503-06 [oss-security] 20150205 Re: CVE request - ICU http://openwall.com/lists/oss-security/2015/02/05/15 http://bugs.icu-project.org/trac/changeset/36801 http://bugs.icu-project.org/trac/ticket/11371 http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5 https://code.google.com/p/chromium/issues/detail?id=432209
Copyright	Copyright (C) 2015 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.