Bug 1807349 (CVE-2020-10531)
Summary: | CVE-2020-10531 ICU: Integer overflow in UnicodeString::doAppend() | | |
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | | |
Version: | unspecified | CC: | ahughes, dbhole, eng-i18n-bugs, erack, hhorak, jorton, jvanek, mfabian, mrunge, nodejs-maint, nodejs-sig, patrickm, rh-spice-bugs, sgallagh, srl, tcallawa, tchollingsworth, thrcka, tpopela, yaneti, yozone, zsvetlik |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | chromium-browser 80.0.3987.122, node 14.3.0, node 12.17.0, node 10.21.0 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2020-03-09 10:31:45 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | 1807358, 1807359, 1808235, 1808236, 1808237, 1808238, 1808239, 1808241, 1809876, 1811497, 1811498, 1811499, 1811500, 1811501, 1811502, 1846543, 1846544, 1846545, 1846546, 1846887, 1846888, 1846889, 1846890, 1846891, 1846892, 1846895 | | |
Bug Blocks: | 1808382 | | |
Description
Dhananjay Arunesh
2020-02-26 07:34:08 UTC
External References:
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html

Created chromium tracking bugs for this issue:
Affects: epel-all [bug 1807359]
Affects: fedora-all [bug 1807358]

Chromium bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (private)
Upstream ICU bug: https://unicode-org.atlassian.net/browse/ICU-20958 (private)
Upstream pull request: https://github.com/unicode-org/icu/pull/971
Upstream patch: https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca

This issue has been addressed in the following products:
Red Hat Enterprise Linux 6 Supplementary
Via RHSA-2020:0738 https://access.redhat.com/errata/RHSA-2020:0738

Patch in Chromium sources:
https://chromium.googlesource.com/chromium/deps/icu/+/9f4020916eb1f28f3666f018fdcbe6c9a37f0e08

Note that the ICU 66 (66.1) that was released yesterday:
https://sourceforge.net/p/icu/mailman/icu-announce/thread/CAN49p6qisNX4gKpFpdECYTohTXQZ87RGYy%2Bzm_Ej9BMUP2GA8Q%40mail.gmail.com/#msg36945841
does not include the fix for this issue. Version 67 may be the first ICU version to include it.

This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2020:0896 https://access.redhat.com/errata/RHSA-2020:0896

This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2020:0897 https://access.redhat.com/errata/RHSA-2020:0897

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Via RHSA-2020:0901 https://access.redhat.com/errata/RHSA-2020:0901

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:0902 https://access.redhat.com/errata/RHSA-2020:0902

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:1293 https://access.redhat.com/errata/RHSA-2020:1293

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:1317 https://access.redhat.com/errata/RHSA-2020:1317

This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions
Via RHSA-2020:1343 https://access.redhat.com/errata/RHSA-2020:1343

Created nodejs tracking bugs for this issue:
Affects: fedora-all [bug 1846887]

Created nodejs:10/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 1846888]

Created nodejs:11/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 1846889]

Created nodejs:12/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 1846890]

Created nodejs:13/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 1846891]

Created nodejs:14/nodejs tracking bugs for this issue:
Affects: fedora-all [bug 1846892]

Created nodejs tracking bugs for this issue:
Affects: epel-all [bug 1846895]

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2020:2895 https://access.redhat.com/errata/RHSA-2020:2895

This issue has been addressed in the following products:
Red Hat Software Collections for Red Hat Enterprise Linux 7
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS
Via RHSA-2020:3084 https://access.redhat.com/errata/RHSA-2020:3084