| Summary: | <dev-libs/icu-58.1: Stack based buffer overflow in locid.cpp (CVE-2016-7415) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | herrtimson, nobrowser |
| Priority: | Normal | Flags: | kensington:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://bugs.icu-project.org/trac/ticket/12745 | ||
| See Also: |
https://bugzilla.redhat.com/show_bug.cgi?id=1377361 https://bugs.gentoo.org/show_bug.cgi?id=599094 |
||
| Whiteboard: | A2 [glsa cve] | ||
| Package list: |
=dev-libs/icu-58.1-r1
|
Runtime testing required: | --- |
| Bug Depends on: | 599346, 600038, 603792 | ||
| Bug Blocks: | 589814, 601396 | ||
This was fixed in v58.1 (see http://site.icu-project.org/security) which is available in Gentoo repository since https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/icu?id=b4293900b8325feb1be4ad127dd4823ed022985d @ maintainer(s): Please tell us how to proceed. Is =dev-libs/icu-58.1-r1 ready for stabilization? (In reply to Thomas Deutschmann from comment #1) > This was fixed in v58.1 (see http://site.icu-project.org/security) which is > available in Gentoo repository since > https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/ > icu?id=b4293900b8325feb1be4ad127dd4823ed022985d > > > @ maintainer(s): Please tell us how to proceed. Is =dev-libs/icu-58.1-r1 > ready for stabilization? 58.1 is rather fresh and made a few things explode. I've asked for a tinderbox run, so we can find a list of other stuff that needs to be stabilized at the same time. (I know about chromium and libreoffice. The known firefox problem is patched in -r1.) Current stable chromium-54 uses a bundled copy of ICU, so no need to wait for us. CVE-2016-7415 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-7415): Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string. Arches please stabilize =dev-libs/icu-58.1-r1 Target: all stable arches amd64, x86: please do it in bug 600038 (In reply to Andreas K. Hüttel from comment #5) > Arches please stabilize =dev-libs/icu-58.1-r1 > Target: all stable arches > > amd64, x86: please do it in bug 600038 Which arches are you asking to stabilize here? Arches please stabilize =dev-libs/icu-58.1-r1 Target: all stable arches all arches except amd64, x86: please proceed here amd64, x86: please proceed in bug 600038 amd64 stable x86 stable (In reply to Agostino Sarubbo from comment #8) > amd64 stable (In reply to Agostino Sarubbo from comment #9) > x86 stable OK that just broke deptree resolution for all libreoffice-bin users... This broke as well the dependency tree for the source based libreoffice if the user is having a stable x86/amd64 system. First libreoffice ebuild that does allow to be build with dev-libs/icu:= is libreoffice-5.2.3.3 (In reply to Andreas K. Hüttel from comment #10) > (In reply to Agostino Sarubbo from comment #8) > > amd64 stable > > (In reply to Agostino Sarubbo from comment #9) > > x86 stable > > OK that just broke deptree resolution for all libreoffice-bin users... (In reply to tt_1 from comment #11) > This broke as well the dependency tree for the source based libreoffice if > the user is having a stable x86/amd64 system. First libreoffice ebuild that > does allow to be build with dev-libs/icu:= is libreoffice-5.2.3.3 Fixed now, thanks ago. *** Bug 601400 has been marked as a duplicate of this bug. *** Stable on alpha. arm stable sparc stable ia64 stable ppc stable ppc64 stable Stable for HPPA. Cleanup done. Office out. Had to revert the cleanup since it depends on bug 603792 New GLSA request filed. This issue was resolved and addressed in GLSA 201701-58 at https://security.gentoo.org/glsa/201701-58 by GLSA coordinator Aaron Bauman (b-man). re-opened for cleanup tree is clean |
From ${URL} : It was found that big locale string causes stack based overflow inside libicu. PHP bug: https://bugs.php.net/bug.php?id=73007 CVE assignment: http://seclists.org/oss-sec/2016/q3/518 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.