[Bug 186578] Re: [libicu] [CVE-2007-4770] [CVE-2007-4771] potential execution of arbitrary code via malformed regular expressions
Bug Watch Updater
186578 at bugs.launchpad.net
Fri Oct 27 09:22:15 UTC 2017
Launchpad has imported 8 comments from the remote bug at
https://bugzilla.redhat.com/show_bug.cgi?id=429023.
If you reply to an imported comment from within Launchpad, your comment
will be sent to the remote bug automatically. Read more about
Launchpad's inter-bugtracker facilities at
https://help.launchpad.net/InterBugTracking.
------------------------------------------------------------------------
On 2008-01-16T20:53:36+00:00 Josh wrote:
Will Drewry reported a flaw in the way libicu processes certain regular
expressions. He reports:
On regular expression compilation, illegal backreferences may refer to the
non-existent capture group '0'. When these are built, they will result
in corrupt REStackFrames which will be used at a later point. Crashes may
result in out of band reads or writes depending on the regular expression
being executed.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/0
------------------------------------------------------------------------
On 2008-01-17T09:20:08+00:00 Caolan wrote:
Created attachment 291973
An example of icu pattern matching in OOo
I figured out how to get OOo to match patterns with the icu regexp stuff.
Attached is a test-case which just tries to match "I am a pattern"
Reply at:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/1
------------------------------------------------------------------------
On 2008-01-18T08:06:42+00:00 Tomas wrote:
Created attachment 292114
Patch against ICU 3.8 proposed by Andy Heninger
Reply at:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/2
------------------------------------------------------------------------
On 2008-01-22T08:59:16+00:00 Caolan wrote:
Created attachment 292482
backported patch
I can't commit to RHEL icu without approved bugzilla ids.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/3
------------------------------------------------------------------------
On 2008-01-25T13:14:05+00:00 Josh wrote:
This is now public:
http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com
Reply at:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/4
------------------------------------------------------------------------
On 2008-01-27T07:13:09+00:00 Fedora wrote:
icu-3.8-5.fc8 has been pushed to the Fedora 8 stable repository. If
problems still persist, please make note of it in this bug report.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/5
------------------------------------------------------------------------
On 2008-01-27T07:21:19+00:00 Fedora wrote:
icu-3.6-20.fc7 has been pushed to the Fedora 7 stable repository. If
problems still persist, please make note of it in this bug report.
Reply at:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/6
------------------------------------------------------------------------
On 2008-01-27T10:15:09+00:00 Red wrote:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0090.html
Fedora:
https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1076
https://admin.fedoraproject.org/updates/F8/FEDORA-2008-1036
Reply at:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/7
** Changed in: icu (Fedora)
Importance: Unknown => High
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to icu in Ubuntu.
https://bugs.launchpad.net/bugs/186578
Title:
[libicu] [CVE-2007-4770] [CVE-2007-4771] potential execution of
arbitrary code via malformed regular expressions
Status in icu package in Ubuntu:
Fix Released
Status in icu source package in Dapper:
Fix Released
Status in icu source package in Edgy:
Fix Released
Status in icu source package in Feisty:
Fix Released
Status in icu source package in Gutsy:
Fix Released
Status in icu source package in Hardy:
Fix Released
Status in icu package in Debian:
Fix Released
Status in icu package in Fedora:
Fix Released
Status in icu package in Gentoo Linux:
Fix Released
Bug description:
Binary package hint: libicu36
References:
MDVSA-2008:026 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:026)
Quoting:
"Will Drewry reported multiple flaws in how libicu processed certain
malformed regular expressions. If an application linked against
libicu, such as OpenOffice.org, processed a carefully-crafted regular
expression, it could potentially cause the execution of arbitrary
code with the privileges of the user running the application."