A couple of other Ubuntu distros were affected

May 13, 2015 15:57 GMT  ·  By

Canonical has published details in a security notice about an ICU vulnerability that has been found and fixed in Ubuntu 15.04, Ubuntu 14.10, and Ubuntu 14.04 LTS.

A new version of the icu (International Components for Unicode library) package has been pushed into the official repositories and should be available for upgrade. Apparently, ICU could have been made to crash or run programs, as the user's login if it processed specially crafted data.

According to the security notice, "Pedro Ribeiro discovered that ICU incorrectly handled certain memory operations when processing data. If an application using ICU processed crafted data, an attacker could cause it to crash or potentially execute arbitrary code with the privileges of the user invoking the program."

For a more detailed description of the problems, you can see Canonical's security notification. Users should upgrade their Linux distribution in order to correct this issue. The problem can be corrected if you upgrade your system(s) to the latest libicu52 package specific to each distribution. To apply the patch, users can simply run the Update Manager application.

If you don't want to use the Software Updater, you can open a terminal and enter the following commands (you will need to be root):

code
sudo apt-get update
sudo apt-get dist-upgrade
In general, a standard system update will make all the necessary changes and rebooting is not necessary.