USN-4305-1: ICU vulnerability
Published Mar 17, 2020
·Updated
André Bargull discovered that ICU incorrectly handled certain strings. An attacker could possibly use this issue to execute arbitrary code.
Affected Software
10 affected componentsFixes available
All of the following
ubuntu/libicu63<63.2-2ubuntu0.1
63.2-2ubuntu0.1
Ubuntu Ubuntu=19.10
All of the following
ubuntu/libicu60<60.2-3ubuntu3.1
60.2-3ubuntu3.1
Ubuntu Ubuntu=18.04
All of the following
ubuntu/libicu55<55.1-7ubuntu0.5
55.1-7ubuntu0.5
Ubuntu Ubuntu=16.04
All of the following
ubuntu/libicu52<52.1-3ubuntu0.8+esm1
52.1-3ubuntu0.8+esm1
Ubuntu Ubuntu=14.04
All of the following
ubuntu/libicu48<4.8.1.1-3ubuntu0.10
4.8.1.1-3ubuntu0.10
Ubuntu Ubuntu=12.04
Event History
Mar 17, 2020
Advisory Published
via Ubuntu·12:00 AM
Frequently Asked Questions
1
What is the vulnerability ID of USN-4305-1?
USN-4305-1 is the vulnerability ID for the ICU vulnerability.
2
Who discovered the ICU vulnerability?
André Bargull discovered the ICU vulnerability.
3
What is the impact of the ICU vulnerability?
The ICU vulnerability could allow an attacker to execute arbitrary code.
4
Which versions of Ubuntu are affected by the ICU vulnerability?
The ICU vulnerability affects Ubuntu versions 19.10, 18.04, 16.04, 14.04, and 12.04.
5
How can I fix the ICU vulnerability?
To fix the ICU vulnerability, update the libicu package to the recommended remedy version.