CVE-2014-7940

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
chromium-browser	15.10 wily	Fixed 40.0.2214.94-0ubuntu1.1120
	15.04 vivid	Fixed 40.0.2214.94-0ubuntu1.1120
	14.10 utopic	Fixed 40.0.2214.94-0ubuntu0.14.10.1.1110
	14.04 LTS trusty	Fixed 40.0.2214.94-0ubuntu0.14.04.1.1068
	12.04 LTS precise	Ignored
	10.04 LTS lucid	Ignored end of life
icu	15.10 wily	Not affected
	15.04 vivid	Not affected
	14.10 utopic	Fixed 52.1-6ubuntu0.2
	14.04 LTS trusty	Fixed 52.1-3ubuntu0.2
	12.04 LTS precise	Fixed 4.8.1.1-3ubuntu0.3
	10.04 LTS lucid	Ignored end of life
oxide-qt	15.10 wily	Fixed 1.4.2-0ubuntu1
	15.04 vivid	Fixed 1.4.2-0ubuntu1
	14.10 utopic	Fixed 1.4.2-0ubuntu0.14.10.1
	14.04 LTS trusty	Fixed 1.4.2-0ubuntu0.14.04.1
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release

Notes

mdeslaur

code in icu has changed, so no equivalent commit in icu tree first google patch is buggy, as prevPos is getting set _after_ the getNextNormalizedChar second google patch is buggy as source->endp is being checked without checking the UCOL_ITER_HASLEN flag

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
icu	Other: https://chromium.googlesource.com/chromium/deps/icu/+/866ff696e9022a6000afbab516fba62cfa306075 Other: https://chromium.googlesource.com/chromium/deps/icu/+/a626a75aad2675254073366fcaa9465dacf17100 Other: https://chromium.googlesource.com/chromium/deps/icu/+/a626a75aad2675254073366fcaa9465dacf17100/patches/col.patch

Status

Notes

mdeslaur

Patch details

References

Related Ubuntu Security Notices (USN)

Other references