Menu

e-bay Security Practices under investigation by US States      

Biggest ever Distributed Denial of Service (DDoS) attack on Cloudfare Networks       

Bitcoin Exchanges continue to suspended withdrawal operations      

Snowden accessed NSA confidential data using web scrapping tools      

Barclays Bank probing the breach of client data sold to rogue City traders      

New Snapchat Flaw Can DoS and Spam iOS and Android       

Vulnerabilities in International Components for Unicode allow attackers to cause Denial of Service Attack

Published on: 2/10/2014

Two vulnerabilities in International Components for Unicode might allow remote attackers to cause a Denial of Service condition.

Two vulnerabilities in International Components for Unicode might allow remote attackers to cause a Denial of Service condition.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: International Components for Unicode: Denial of Service
     Date: February 10, 2014
     Bugs: #460426, #486948
       ID: 201402-14

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Two vulnerabilities in International Components for Unicode might allow
remote attackers to cause a Denial of Service condition.

Background
==========

International Components for Unicode is a set of C/C++ and Java
libraries providing Unicode and Globalization support for software
applications.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  dev-libs/icu                < 51.2-r1                 >= 51.2-r1

Description
===========

Multiple vulnerabilities have been discovered in International
Components for Unicode. Please review the CVE identifiers referenced
below for details.

Impact
======

A remote attacker could possibly cause a Denial of Service condition.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All International Components for Unicode users should upgrade to the
latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/icu-51.2-r1"

Packages which depend on this library may need to be recompiled. Tools
such as revdep-rebuild may assist in identifying some of these
packages.

References
==========

[ 1 ] CVE-2013-0900
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0900
[ 2 ] CVE-2013-2924
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2924



Multiple issues in Iceweasel, Debian's version of the Mozilla Firefox web browser

Multiple security issues have been found in Iceweasel, Debian's version of the Mozilla Firefox web browser: Multiple memory safety errors, use-after-frees, too-verbose error messages and missing permission checks may lead to the execution of arbitrary code, the bypass of security
Read More

New Snapchat Flaw Can DoS and Spam iOS and Android

A security researcher has discovered a new flaw in Snapchat that allows users to deliver a denial of service attack against individual iOS or Android users, or alternatively more easily deliver spam to a large number of users. It is the latest in a series of problems experienced by Snapchat over the last few months.
Read More