Bug 1807349 (CVE-2020-10531)

Summary: CVE-2020-10531 ICU: Integer overflow in UnicodeString::doAppend()
Product: [Other] Security Response
Reporter: Dhananjay Arunesh <darunesh>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: high
Priority: high
Version: unspecified
CC: ahughes, dbhole, eng-i18n-bugs, erack, hhorak, jorton, jvanek, mfabian, mrunge, nodejs-maint, nodejs-sig, patrickm, rh-spice-bugs, sgallagh, srl, tcallawa, tchollingsworth, thrcka, tpopela, yaneti, yozone, zsvetlik
Keywords: Security
Hardware: All
OS: Linux
Fixed In Version: chromium-browser 80.0.3987.122, node 14.3.0, node 12.17.0, node 10.21.0
Last Closed: 2020-03-09 10:31:45 UTC
Bug Depends On: 1807358, 1807359, 1808235, 1808236, 1808237, 1808238, 1808239, 1808241, 1809876, 1811497, 1811498, 1811499, 1811500, 1811501, 1811502, 1846543, 1846544, 1846545, 1846546, 1846887, 1846888, 1846889, 1846890, 1846891, 1846892, 1846895
Bug Blocks: 1808382

Description Dhananjay Arunesh 2020-02-26 07:34:08 UTC
Integer overflow in ICU

Comment 1 Dhananjay Arunesh 2020-02-26 07:35:00 UTC
External References:

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html

Comment 2 Dhananjay Arunesh 2020-02-26 07:41:59 UTC
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 1807359]
Affects: fedora-all [bug 1807358]

Comment 10 errata-xmlrpc 2020-03-09 08:23:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2020:0738 https://access.redhat.com/errata/RHSA-2020:0738

Comment 12 Tomas Hoger 2020-03-12 15:59:43 UTC
Note that the ICU 66 (66.1) that was released yesterday:

https://sourceforge.net/p/icu/mailman/icu-announce/thread/CAN49p6qisNX4gKpFpdECYTohTXQZ87RGYy%2Bzm_Ej9BMUP2GA8Q%40mail.gmail.com/#msg36945841

does not include the fix for this issue.  Version 67 may be the first ICU version to include it.

Comment 14 errata-xmlrpc 2020-03-18 16:57:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0896 https://access.redhat.com/errata/RHSA-2020:0896

Comment 15 errata-xmlrpc 2020-03-18 17:02:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0897 https://access.redhat.com/errata/RHSA-2020:0897

Comment 16 errata-xmlrpc 2020-03-19 10:43:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0901 https://access.redhat.com/errata/RHSA-2020:0901

Comment 17 errata-xmlrpc 2020-03-19 11:22:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0902 https://access.redhat.com/errata/RHSA-2020:0902

Comment 20 errata-xmlrpc 2020-04-02 08:15:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1293 https://access.redhat.com/errata/RHSA-2020:1293

Comment 21 errata-xmlrpc 2020-04-06 08:19:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1317 https://access.redhat.com/errata/RHSA-2020:1317

Comment 22 errata-xmlrpc 2020-04-07 07:40:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:1343 https://access.redhat.com/errata/RHSA-2020:1343

Comment 28 Cedric Buissart 2020-06-15 08:20:45 UTC
Created nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1846887]


Created nodejs:10/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1846888]


Created nodejs:11/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1846889]


Created nodejs:12/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1846890]


Created nodejs:13/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1846891]


Created nodejs:14/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1846892]

Comment 29 Cedric Buissart 2020-06-15 08:27:14 UTC
Created nodejs tracking bugs for this issue:

Affects: epel-all [bug 1846895]

Comment 30 errata-xmlrpc 2020-07-13 10:48:03 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2020:2895 https://access.redhat.com/errata/RHSA-2020:2895

Comment 31 errata-xmlrpc 2020-07-21 19:28:56 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2020:3084 https://access.redhat.com/errata/RHSA-2020:3084