The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of ICU: integer overflow of LETableReference

Synthesis of the vulnerability 

An attacker can generate an integer overflow in LETableReference of ICU, in order to trigger a denial of service, and possibly to run code.
Vulnerable software: Debian, SnapManager, Solaris, Ubuntu.
Severity of this announce: 2/4.
Creation date: 17/09/2015.
Références of this computer vulnerability: 1242394, 9010041, 9010044, bulletinoct2015, CVE-2015-2632, DLA-545-1, DSA-3725-1, NTAP-20150715-0001, NTAP-20151028-0001, USN-2740-1, VIGILANCE-VUL-17911.

Description of the vulnerability 

An attacker can generate an integer overflow in LETableReference of ICU, in order to trigger a denial of service, and possibly to run code.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This computer weakness alert impacts software or systems such as Debian, SnapManager, Solaris, Ubuntu.

Our Vigil@nce team determined that the severity of this weakness note is medium.

The trust level is of type confirmed by the editor, with an origin of document.

An attacker with a expert ability can exploit this weakness bulletin.

Solutions for this threat 

Debian 7: new icu packages.
New packages are available:
  Debian 7: icu 4.8.1.1-12+deb7u4

Debian 8: new icu packages.
New packages are available:
  Debian 8: icu 52.1-8+deb8u4

NetApp SnapManager: patch for Oracle Java.
A patch is available:
  SnapManager for Oracle: http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=959904
  SnapManager for SAP: http://mysupport.netapp.com/NOW/cgi-bin/bol?Type=Detail&Display=959905

Solaris: patch for Third Party (11/2015).
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

Ubuntu: new libicu packages.
New packages are available:
  Ubuntu 15.04: libicu52 52.1-8ubuntu0.2
  Ubuntu 14.04 LTS: libicu52 52.1-3ubuntu0.4
  Ubuntu 12.04 LTS: libicu48 4.8.1.1-3ubuntu0.6
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a systems vulnerabilities note. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.