Bug 1807349 (CVE-2020-10531) - CVE-2020-10531 ICU: Integer overflow in UnicodeString::doAppend()
Status: CLOSED ERRATA
Alias: CVE-2020-10531
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1846544 1846546 1846887 1846888 1846889 1846890 1846891 1846892 1846895 1807358 1807359 1808235 1808236 1808237 1808238 1808239 1808241 1809876 1811497 1811498 1811499 1811500 1811501 1811502 1846543 1846545
Blocks: 1808382
Reported: 2020-02-26 07:34 UTC by Dhananjay Arunesh
Modified: 2020-08-03 07:54 UTC
CC List: 22 users

Fixed In Version: chromium-browser 80.0.3987.122, node 14.3.0, node 12.17.0, node 10.21.0
Last Closed: 2020-03-09 10:31:45 UTC


Links (Red Hat Product Errata; the Priority, Status and Summary columns were empty for every entry)
ID              Last Updated
RHBA-2020:0907  2020-03-19 19:07:01 UTC
RHBA-2020:0941  2020-03-23 13:30:36 UTC
RHBA-2020:1291  2020-04-02 06:42:02 UTC
RHBA-2020:2900  2020-07-13 18:24:51 UTC
RHBA-2020:3095  2020-07-22 11:25:43 UTC
RHBA-2020:3149  2020-07-27 03:19:49 UTC
RHBA-2020:3269  2020-08-03 07:54:35 UTC
RHSA-2020:0738  2020-03-09 08:23:05 UTC
RHSA-2020:0896  2020-03-18 16:57:58 UTC
RHSA-2020:0897  2020-03-18 17:02:13 UTC
RHSA-2020:0901  2020-03-19 10:43:09 UTC
RHSA-2020:0902  2020-03-19 11:22:34 UTC
RHSA-2020:1293  2020-04-02 08:15:07 UTC
RHSA-2020:1317  2020-04-06 08:19:17 UTC
RHSA-2020:1343  2020-04-07 07:40:41 UTC
RHSA-2020:2895  2020-07-13 10:48:08 UTC
RHSA-2020:3084  2020-07-21 19:28:59 UTC

Description Dhananjay Arunesh 2020-02-26 07:34:08 UTC
Integer overflow in ICU

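The report above gives only the bug class (an int32_t length overflow in an append routine). The following is an added illustration for this bug report, not ICU code: it does not reproduce UnicodeString::doAppend() or the upstream patch, and every function and struct name in it is hypothetical. It models just the length arithmetic of an append so the failure can be exercised without allocating a 2 GiB buffer: the unchecked variant computes the new length with wrapping 32-bit arithmetic and then trusts it for the "grow the buffer?" test, so once oldLength + srcLength exceeds INT32_MAX the wrapped value is negative, no growth happens, and srcLength units would be copied past the end of the heap buffer. The checked variant refuses the append before any capacity decision is made.

```cpp
// Added illustration for this bug report; it is not ICU code and does not reproduce
// UnicodeString::doAppend() or the upstream patch. It models only the int32_t length
// arithmetic of an append routine, so the overflow class can be exercised without
// allocating a 2 GiB buffer. All names below are hypothetical.
#include <cstdint>
#include <cstdio>
#include <limits>

// What `int32_t newLength = oldLength + srcLength;` yields on common targets when the
// sum does not fit: two's-complement wrap. Computed in 64 bits here so the model itself
// has no signed-overflow undefined behaviour.
static int32_t wrappingAdd32(int32_t a, int32_t b) {
    int64_t s = static_cast<int64_t>(a) + static_cast<int64_t>(b);
    const int64_t two32 = static_cast<int64_t>(1) << 32;
    if (s > std::numeric_limits<int32_t>::max()) s -= two32;
    else if (s < std::numeric_limits<int32_t>::min()) s += two32;
    return static_cast<int32_t>(s);
}

// Overflow-checked add: returns true (and leaves *out untouched) when a + b does not
// fit in int32_t. This is the kind of guard an append routine needs before it trusts
// the new length.
static bool add32Overflows(int32_t a, int32_t b, int32_t* out) {
    int64_t s = static_cast<int64_t>(a) + static_cast<int64_t>(b);
    if (s > std::numeric_limits<int32_t>::max() || s < std::numeric_limits<int32_t>::min()) {
        return true;
    }
    *out = static_cast<int32_t>(s);
    return false;
}

// Outcome of planning an append of srcLength code units onto a string of oldLength
// code units stored in a buffer of `capacity` units.
struct AppendPlan {
    int32_t newLength;     // length the routine believes the string will have
    bool    growsBuffer;   // whether it would reallocate to newLength first
    bool    writesPastEnd; // whether copying srcLength units at oldLength exceeds the real buffer
    bool    rejected;      // checked variant only: append refused because the length overflowed
};

// Unchecked pattern: the wrapped newLength is used both for the "do we need to grow?"
// test and as the new length. Once oldLength + srcLength > INT32_MAX, newLength is
// negative, the growth test fails, and srcLength units are copied past the buffer.
static AppendPlan planAppendUnchecked(int32_t oldLength, int32_t srcLength, int32_t capacity) {
    AppendPlan p{};
    p.newLength = wrappingAdd32(oldLength, srcLength);
    p.growsBuffer = p.newLength > capacity;
    int64_t copyEnd = static_cast<int64_t>(oldLength) + srcLength;   // exact write extent
    int64_t realCapacity = p.growsBuffer ? p.newLength : capacity;   // buffer size after any growth
    p.writesPastEnd = copyEnd > realCapacity;
    p.rejected = false;
    return p;
}

// Checked pattern: refuse the append when the length does not fit, before any
// capacity decision or copy is made.
static AppendPlan planAppendChecked(int32_t oldLength, int32_t srcLength, int32_t capacity) {
    AppendPlan p{};
    int32_t newLength = 0;
    if (add32Overflows(oldLength, srcLength, &newLength)) {
        p.newLength = oldLength;   // string left unchanged; a real routine would also flag an error state
        p.rejected = true;
        return p;
    }
    p.newLength = newLength;
    p.growsBuffer = newLength > capacity;
    p.writesPastEnd = false;       // newLength is exact, so growth (if any) covers the copy
    p.rejected = false;
    return p;
}

int main() {
    // Constructed scenario: a string already within 10 code units of INT32_MAX, then a 100-unit append.
    const int32_t big = std::numeric_limits<int32_t>::max() - 10;
    AppendPlan u = planAppendUnchecked(big, 100, big);
    AppendPlan c = planAppendChecked(big, 100, big);
    std::printf("unchecked: newLength=%d grows=%d writesPastEnd=%d\n",
                u.newLength, u.growsBuffer, u.writesPastEnd);
    std::printf("checked:   rejected=%d newLength=%d\n", c.rejected, c.newLength);
    return 0;
}
```

The point the model makes explicit is that the capacity test alone is no protection: it compares against a value that has already wrapped, so the guard has to be on the addition itself, in wider arithmetic or with an overflow-reporting helper, before the result is used for anything.
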
Comment 1 Dhananjay Arunesh 2020-02-26 07:35:00 UTC
External References:

https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html

Comment 2 Dhananjay Arunesh 2020-02-26 07:41:59 UTC
Created chromium tracking bugs for this issue:

Affects: epel-all [bug 1807359]
Affects: fedora-all [bug 1807358]

Comment 10 errata-xmlrpc 2020-03-09 08:23:01 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6 Supplementary

Via RHSA-2020:0738 https://access.redhat.com/errata/RHSA-2020:0738

Comment 12 Tomas Hoger 2020-03-12 15:59:43 UTC
Note that the ICU 66 (66.1) that was released yesterday:

https://sourceforge.net/p/icu/mailman/icu-announce/thread/CAN49p6qisNX4gKpFpdECYTohTXQZ87RGYy%2Bzm_Ej9BMUP2GA8Q%40mail.gmail.com/#msg36945841

does not include the fix for this issue.  Version 67 may be the first ICU version to include it.

Comment 14 errata-xmlrpc 2020-03-18 16:57:54 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2020:0896 https://access.redhat.com/errata/RHSA-2020:0896

Comment 15 errata-xmlrpc 2020-03-18 17:02:09 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2020:0897 https://access.redhat.com/errata/RHSA-2020:0897

Comment 16 errata-xmlrpc 2020-03-19 10:43:02 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:0901 https://access.redhat.com/errata/RHSA-2020:0901

Comment 17 errata-xmlrpc 2020-03-19 11:22:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:0902 https://access.redhat.com/errata/RHSA-2020:0902

Comment 20 errata-xmlrpc 2020-04-02 08:15:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1293 https://access.redhat.com/errata/RHSA-2020:1293

Comment 21 errata-xmlrpc 2020-04-06 08:19:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1317 https://access.redhat.com/errata/RHSA-2020:1317

Comment 22 errata-xmlrpc 2020-04-07 07:40:39 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions

Via RHSA-2020:1343 https://access.redhat.com/errata/RHSA-2020:1343

Comment 28 Cedric Buissart 2020-06-15 08:20:45 UTC
Created nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1846887]


Created nodejs:10/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1846888]


Created nodejs:11/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1846889]


Created nodejs:12/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1846890]


Created nodejs:13/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1846891]


Created nodejs:14/nodejs tracking bugs for this issue:

Affects: fedora-all [bug 1846892]

Comment 29 Cedric Buissart 2020-06-15 08:27:14 UTC
Created nodejs tracking bugs for this issue:

Affects: epel-all [bug 1846895]

Comment 30 errata-xmlrpc 2020-07-13 10:48:03 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2020:2895 https://access.redhat.com/errata/RHSA-2020:2895

Comment 31 errata-xmlrpc 2020-07-21 19:28:56 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7
  Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS

Via RHSA-2020:3084 https://access.redhat.com/errata/RHSA-2020:3084
