Upstream information

CVE-2007-4771 at MITRE

Description

Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having critical severity.

CVSS v2 Scores (National Vulnerability Database)
  • Base Score: 9.3
  • Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
  • Access Vector: Network
  • Access Complexity: Medium
  • Authentication: None
  • Confidentiality Impact: Complete
  • Integrity Impact: Complete
  • Availability Impact: Complete

SUSE Bugzilla entries: 354372 [RESOLVED / FIXED], 363252 [RESOLVED / FIXED], 417817 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • libicu >= 4.0-7.24.11
  • libicu-32bit >= 4.0-7.24.11
  • libicu-doc >= 4.0-7.24.11
  • libicu-x86 >= 4.0-7.24.11
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA libicu-32bit
SUSE Linux Enterprise Server 11 SP2
  • libicu >= 4.0-7.26.1
  • libicu-32bit >= 4.0-7.26.1
  • libicu-doc >= 4.0-7.26.1
  • libicu-x86 >= 4.0-7.24.11
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA libicu-32bit
SUSE Linux Enterprise Server 11 SP3
  • libicu >= 4.0-7.26.15
  • libicu-32bit >= 4.0-7.26.15
  • libicu-doc >= 4.0-7.26.15
  • libicu-x86 >= 4.0-7.26.15
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA libicu-32bit
SUSE Linux Enterprise Server 11 SP4
  • libicu >= 4.0-7.26.15
  • libicu-32bit >= 4.0-7.26.15
  • libicu-doc >= 4.0-7.26.15
  • libicu-x86 >= 4.0-7.26.15
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA libicu-32bit
SUSE Linux Enterprise Software Development Kit 11 SP4
  • icu >= 4.0-7.26.15
  • libicu-32bit >= 4.0-7.26.15
  • libicu-devel >= 4.0-7.26.15
  • libicu-devel-32bit >= 4.0-7.26.15
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA icu
Novell Linux Desktop 9 SDK for x86
Novell Linux Desktop 9 SDK for x86_64
Novell Linux Desktop 9 for x86
SLES SDK 9 for IBM S/390 and IBM zSeries
SLES SDK 9 for IBM iSeries and IBM pSeries
SLES SDK 9 for IBM zSeries
SLES SDK 9 for IPF
SLES SDK 9 for X86-64
SLES SDK 9 for x86
  • icu >= 2.6.2-2.9
  • icu-data >= 2.6.2-2.9
  • icu-i18ndata >= 2.6.2-2.9
  • libicu-devel >= 2.6.2-2.9
  • libicu26 >= 2.6.2-2.9
core9.x86
core9.s390
YOU Patch Nr: 12096
Novell Linux Desktop 9 for x86_64
  • icu >= 2.6.2-2.9
  • icu-data >= 2.6.2-2.9
  • icu-i18ndata >= 2.6.2-2.9
  • libicu-devel >= 2.6.2-2.9
  • libicu26 >= 2.6.2-2.9
  • libicu26-32bit >= 9-200802280045
core9.x86
core9.s390
YOU Patch Nr: 12096
SUSE LINUX 10.1
  • OpenOffice_org >= 2.0.4-38.9
  • OpenOffice_org-af >= 2.0.4-38.9
  • OpenOffice_org-ar >= 2.0.4-38.9
  • OpenOffice_org-be-BY >= 2.0.4-38.9
  • OpenOffice_org-bg >= 2.0.4-38.9
  • OpenOffice_org-ca >= 2.0.4-38.9
  • OpenOffice_org-cs >= 2.0.4-38.9
  • OpenOffice_org-cy >= 2.0.4-38.9
  • OpenOffice_org-da >= 2.0.4-38.9
  • OpenOffice_org-de >= 2.0.4-38.9
  • OpenOffice_org-el >= 2.0.4-38.9
  • OpenOffice_org-en-GB >= 2.0.4-38.9
  • OpenOffice_org-es >= 2.0.4-38.9
  • OpenOffice_org-et >= 2.0.4-38.9
  • OpenOffice_org-fi >= 2.0.4-38.9
  • OpenOffice_org-fr >= 2.0.4-38.9
  • OpenOffice_org-galleries >= 2.0.4-38.9
  • OpenOffice_org-gnome >= 2.0.4-38.9
  • OpenOffice_org-gu-IN >= 2.0.4-38.9
  • OpenOffice_org-hi-IN >= 2.0.4-38.9
  • OpenOffice_org-hr >= 2.0.4-38.9
  • OpenOffice_org-hu >= 2.0.4-38.9
  • OpenOffice_org-it >= 2.0.4-38.9
  • OpenOffice_org-ja >= 2.0.4-38.9
  • OpenOffice_org-kde >= 2.0.4-38.9
  • OpenOffice_org-km >= 2.0.4-38.9
  • OpenOffice_org-ko >= 2.0.4-38.9
  • OpenOffice_org-lt >= 2.0.4-38.9
  • OpenOffice_org-mk >= 2.0.4-38.9
  • OpenOffice_org-mono >= 2.0.4-38.9
  • OpenOffice_org-nb >= 2.0.4-38.9
  • OpenOffice_org-nl >= 2.0.4-38.9
  • OpenOffice_org-nn >= 2.0.4-38.9
  • OpenOffice_org-officebean >= 2.0.4-38.9
  • OpenOffice_org-pa-IN >= 2.0.4-38.9
  • OpenOffice_org-pl >= 2.0.4-38.9
  • OpenOffice_org-pt >= 2.0.4-38.9
  • OpenOffice_org-pt-BR >= 2.0.4-38.9
  • OpenOffice_org-ru >= 2.0.4-38.9
  • OpenOffice_org-rw >= 2.0.4-38.9
  • OpenOffice_org-sk >= 2.0.4-38.9
  • OpenOffice_org-sl >= 2.0.4-38.9
  • OpenOffice_org-sr-CS >= 2.0.4-38.9
  • OpenOffice_org-st >= 2.0.4-38.9
  • OpenOffice_org-sv >= 2.0.4-38.9
  • OpenOffice_org-tr >= 2.0.4-38.9
  • OpenOffice_org-ts >= 2.0.4-38.9
  • OpenOffice_org-vi >= 2.0.4-38.9
  • OpenOffice_org-xh >= 2.0.4-38.9
  • OpenOffice_org-zh-CN >= 2.0.4-38.9
  • OpenOffice_org-zh-TW >= 2.0.4-38.9
  • OpenOffice_org-zu >= 2.0.4-38.9
SUSE LINUX 10.1
  • icu >= 3.4-16.6
  • icu-data >= 3.4-16.6
  • libicu >= 3.4-16.6
  • libicu-32bit >= 3.4-16.6
  • libicu-64bit >= 3.4-16.6
  • libicu-devel >= 3.4-16.6
  • libicu-devel-32bit >= 3.4-16.6
  • libicu-devel-64bit >= 3.4-16.6
  • libicu-doc >= 3.4-16.6
Novell Linux Desktop 9 for x86
Novell Linux Desktop 9 for x86_64
  • OpenOffice_org >= 1.1.5-0.22
  • OpenOffice_org-ar >= 1.1.5-0.22
  • OpenOffice_org-ca >= 1.1.5-0.22
  • OpenOffice_org-cs >= 1.1.5-0.22
  • OpenOffice_org-da >= 1.1.5-0.22
  • OpenOffice_org-de >= 1.1.5-0.22
  • OpenOffice_org-el >= 1.1.5-0.22
  • OpenOffice_org-en >= 1.1.5-0.22
  • OpenOffice_org-en-help >= 1.1.5-0.22
  • OpenOffice_org-es >= 1.1.5-0.22
  • OpenOffice_org-et >= 1.1.5-0.22
  • OpenOffice_org-fi >= 1.1.5-0.22
  • OpenOffice_org-fr >= 1.1.5-0.22
  • OpenOffice_org-gnome >= 1.1.5-0.22
  • OpenOffice_org-hu >= 1.1.5-0.22
  • OpenOffice_org-it >= 1.1.5-0.22
  • OpenOffice_org-ja >= 1.1.5-0.22
  • OpenOffice_org-kde >= 1.1.5-0.22
  • OpenOffice_org-ko >= 1.1.5-0.22
  • OpenOffice_org-nl >= 1.1.5-0.22
  • OpenOffice_org-pl >= 1.1.5-0.22
  • OpenOffice_org-pt >= 1.1.5-0.22
  • OpenOffice_org-pt-BR >= 1.1.5-0.22
  • OpenOffice_org-ru >= 1.1.5-0.22
  • OpenOffice_org-sk >= 1.1.5-0.22
  • OpenOffice_org-sl >= 1.1.5-0.22
  • OpenOffice_org-sv >= 1.1.5-0.22
  • OpenOffice_org-tr >= 1.1.5-0.22
  • OpenOffice_org-zh-CN >= 1.1.5-0.22
  • OpenOffice_org-zh-TW >= 1.1.5-0.22
sles9-nld.x86-64
sles9-nld.x86
ZYPP Patch Nr: 5052