Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 546750 (CVE-2015-0469) - dev-libs/icu: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
Summary: dev-libs/icu: layout engine glyphStorage off-by-one (OpenJDK 2D, 8067699)
Status: RESOLVED INVALID
Alias: CVE-2015-0469
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: A3 [upstream/ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-04-16 08:59 UTC by Agostino Sarubbo
Modified: 2015-04-16 10:02 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-04-16 08:59:53 UTC
From ${URL} :

An off-by-one error, leading to heap-based buffer overflow in the ICU Layout Engine ligature 
substitution processor.  A check which was added as part of fix for CVE-2013-1569 (bug 952711) / 
CVE-2013-2383 (bug 952708) / CVE-2013-2384 (bug 952709) was found to contain an incorrect array 
boundary check.  A specially crafted file could cause an application using ICU to parse untrusted 
font files to crash or, possibly, execute arbitrary code.

The original fix was added to OpenJDK and ICU via the following commits:

http://hg.openjdk.java.net/jdk7u/jdk7u-dev/jdk/rev/6784c9903db7

http://bugs.icu-project.org/trac/changeset/33535
http://bugs.icu-project.org/trac/ticket/10107

ICU code is embedded the 2D component in OpenJDK and used by FontManager.  An untrusted Java 
application or applet could use this flaw to bypass certain Java sandbox restrictions.


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Agostino Sarubbo gentoo-dev 2015-04-16 10:02:23 UTC
The fix was added 2 years ago, so the bug is not relevant.