Mandriva Linux Security Advisory : icu (MDVSA-2008:026)

high Nessus Plugin ID 37215


The remote Mandriva Linux host is missing one or more security updates.


Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application.

The updated packages have been patched to correct these issues.


Update the affected packages.

Plugin Details

Severity: High

ID: 37215

File Name: mandriva_MDVSA-2008-026.nasl

Version: 1.14

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information


Risk Factor: Medium

Score: 5.9


Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64icu36, p-cpe:/a:mandriva:linux:libicu36, p-cpe:/a:mandriva:linux:lib64icu-devel, p-cpe:/a:mandriva:linux:icu-doc, cpe:/o:mandriva:linux:2008.0, p-cpe:/a:mandriva:linux:icu, p-cpe:/a:mandriva:linux:libicu-devel

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 1/25/2008

Reference Information

CVE: CVE-2007-4770, CVE-2007-4771

CWE: 399

MDVSA: 2008:026