"-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1762-1 security@debian.org
http://www.debian.org/security/ Steffen Joeris
April 02, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : icu
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id : CVE-2008-1036
It was discovered that icu, the internal components for Unicode, did
not properly sanitise invalid encoded data, which could lead to cross-
site scripting attacks.
For the stable distribution (lenny), this problem has been fixed in
version 3.8.1-3+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 3.6-2etch2.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 4.0.1-1.
We recommend that you upgrade your icu packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.diff.gz
Size/MD5 checksum: 14912 d15e89ba186f4003cf0fe25523bf5b68
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.dsc
Size/MD5 checksum: 600 be64e9d5a346866e9cb5c0f60243d2fe
http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
Size/MD5 checksum: 9778863 0f1bda1992b4adca62da68a7ad79d830
Architecture independent packages:
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch2_all.deb
Size/MD5 checksum: 3334030 c6e6fbd348c8d802746a890393a767a5
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_alpha.deb
Size/MD5 checksum: 5584350 c988d1810f2abe6aca3c530061343674
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_alpha.deb
Size/MD5 checksum: 7009562 489c1341f1331b8664ec201d7b0896ac
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_amd64.deb
Size/MD5 checksum: 5444828 4cf4fecae90466c879a1b506da4b54da
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_amd64.deb
Size/MD5 checksum: 6584058 b74be6476a73b13f397c742dd05a46ef
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_arm.deb
Size/MD5 checksum: 5455872 ffd9a4362bd56c95ac8c9e2d59b0f85b
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_arm.deb
Size/MD5 checksum: 6625136 a64d8a5965f960b7a42f175465552d1b
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_i386.deb
Size/MD5 checksum: 6480730 bab51b594e5b159ec97c4d0a78e137d4
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_i386.deb
Size/MD5 checksum: 5464844 6022ce1a314dc2ac9ba6a4e7c2364c0f
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_ia64.deb
Size/MD5 checksum: 7240032 54c98bff14b4d4b9106cbe4a0f37a790
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_ia64.deb
Size/MD5 checksum: 5865936 dfe2b9a21d02b3f6d0328076e90884b9
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mips.deb
Size/MD5 checksum: 5747772 6f7e94aa52df7e55632aded82da5be5b
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mips.deb
Size/MD5 checksum: 7032276 c873f62a11e599880d349171be6724b7
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mipsel.deb
Size/MD5 checksum: 6767430 c34cfe617b2fa3b0ac265f445a77b151
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mipsel.deb
Size/MD5 checksum: 5462642 42cec53922ec7b565c314daca3480331
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_powerpc.deb
Size/MD5 checksum: 6889534 dbbcea68da2b4cde02734cf8af6a8bdd
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_powerpc.deb
Size/MD5 checksum: 5748424 4af92234d22b585cdce7912733bc309e
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_s390.deb
Size/MD5 checksum: 6895200 637a01ea921657380bd42959e4bd5adf
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_s390.deb
Size/MD5 checksum: 5777440 b1be81050b86652f9c1d943bc4887dc7
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_sparc.deb
Size/MD5 checksum: 6772296 b0bb6f8d327193d0e9055e8eb8f98a51
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_sparc.deb
Size/MD5 checksum: 5671528 fa33dfa1c2278405708d23cd94be6919
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.dsc
Size/MD5 checksum: 1297 daaf6d8629a5cde19dcfed98bc9a84a9
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1.orig.tar.gz
Size/MD5 checksum: 10591204 ca52a1eb5050478f5f7d24e16ce01f57
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.diff.gz
Size/MD5 checksum: 20267 9c9d1d71c50f4deec44e95a9d5ea2530
Architecture independent packages:
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.8.1-3+lenny1_all.deb
Size/MD5 checksum: 3774790 1a1cd3c7fde641350322461af9f57a37
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_alpha.deb
Size/MD5 checksum: 7565948 02e495e8771842e904cf67a80de61b82
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_alpha.deb
Size/MD5 checksum: 6065532 de58265aad775defadbb2a7b6af9d88d
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_alpha.deb
Size/MD5 checksum: 2364976 a28a051462a4b40c1ca94b663145ce16
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/icu/lib32icu-dev_3.8.1-3+lenny1_amd64.deb
Size/MD5 checksum: 6062920 3a90fc0d97f43436e4cca417a662b0f8
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_amd64.deb
Size/MD5 checksum: 7131010 c7bcc67bf7ebc77254f2b5b9f312f1bb
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_amd64.deb
Size/MD5 checksum: 2401370 d54929d018b9c28224299bad4b3fd3a7
http://security.debian.org/pool/updates/main/i/icu/lib32icu38_3.8.1-3+lenny1_amd64.deb
Size/MD5 checksum: 5920040 bfbb1dd39f462c2737a114f40fc3b494
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_amd64.deb
Size/MD5 checksum: 5932356 bcf6d7dab8a71f00e702384b97cf19a4
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_arm.deb
Size/MD5 checksum: 2286786 ce4bb8567f48cc3cf235368db8963544
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_arm.deb
Size/MD5 checksum: 7183924 fbc8204644ef5e0fc74fc22f7d26034a
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_arm.deb
Size/MD5 checksum: 5907872 93989d0a25c86c9e38e6317ca420fbc4
armel architecture (ARM EABI)
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_armel.deb
Size/MD5 checksum: 1755700 89f87c26a0ce9a7f923a05d9b2555673
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_armel.deb
Size/MD5 checksum: 7411842 70fc597eeb9c0e9e68d0137e0216f124
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_armel.deb
Size/MD5 checksum: 5847710 08c26011ddb182edb57549e671d6cc61
hppa architecture (HP PA RISC)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_hppa.deb
Size/MD5 checksum: 6377564 b8b8b1a62a0a02dd8469f7c172d92415
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_hppa.deb
Size/MD5 checksum: 7663982 cae24c749162aa3f4a896ec5dbde678a
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_hppa.deb
Size/MD5 checksum: 2357154 3ba097e27ead38178bbb8f804f13d77a
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_i386.deb
Size/MD5 checksum: 2278828 f9111677c4e7b9244bd643d748e2f18c
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_i386.deb
Size/MD5 checksum: 5920016 7aecb5bc8fe15f0c1b5ef5c4419eab6a
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_i386.deb
Size/MD5 checksum: 6991888 351e9f8d60f139c335bf7ea07235dc08
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_ia64.deb
Size/MD5 checksum: 6396240 7c56b1d5f54c9f6a4a2a6fc9698e4337
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_ia64.deb
Size/MD5 checksum: 7825392 c99733de07fe43de5c0c1d923ebf93aa
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_ia64.deb
Size/MD5 checksum: 2207992 757e5e5c49c66411cc7e1077808c7576
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mips.deb
Size/MD5 checksum: 7599142 1d81608602f7b3a18dc8e3d03bf603ff
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mips.deb
Size/MD5 checksum: 6207630 d7bd482f6030f1ae4ff75c4735947b08
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mips.deb
Size/MD5 checksum: 2472538 2f7b6f0c8a5dfa6ce877b8305a6779b0
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mipsel.deb
Size/MD5 checksum: 2405182 59d89f0a9a81429ec02f87debcb8e6a3
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mipsel.deb
Size/MD5 checksum: 5898892 94257031e244b5b52e9cbe8e37bb1f30
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mipsel.deb
Size/MD5 checksum: 7293408 f70b0c75989a5983f6921ee323b99c3c
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_powerpc.deb
Size/MD5 checksum: 6290800 bae34e705b5213d14a638350398a7d29
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_powerpc.deb
Size/MD5 checksum: 7460598 8edd0cb02d62dfc5ce69c872e413ca39
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_powerpc.deb
Size/MD5 checksum: 2376240 00fc0ad10f85fded7380fcaaccbe1514
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_s390.deb
Size/MD5 checksum: 7434356 de117fb929327d908c11ede36daa9166
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_s390.deb
Size/MD5 checksum: 6269494 a17ae098f688e8a14bc79854013cada4
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_s390.deb
Size/MD5 checksum: 2468406 d57fdf831571e1147f213051a50f8fdd
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_sparc.deb
Size/MD5 checksum: 6144646 e12966bb72793d7e6220eafd5ddb0c88
http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_sparc.deb
Size/MD5 checksum: 2133070 454335db0966dc15c78261ef1a8fdcfc
http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_sparc.deb
Size/MD5 checksum: 7302732 432d9fdee1502bf363d1db33ee6519ab
These files will probably be moved into the stable distribution on
its next update.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAknUvVEACgkQ62zWxYk/rQdThwCePQlHdG3uednXCExAwDUkG/wm
pvQAn20Sklo2kbg8oQWMfCF2NOLJnw1M
=yQp0
-----END PGP SIGNATURE-----
"
DSA 1739-1: New mldonkey packages fix information disclosure
R&B singer Wayna arrested at Houston airport
(AP)
DSA 1741-1: New psi packages fix denial of service
This entry was posted
on 10:29 PM
.
Archives
-
▼
2009
(488)
-
▼
April
(30)
- DSA 1772-1: New udev packages fix privilege escala...
- GLSA 200904-15 mpg123: User-assisted execution of...
- USN-758-1: udev vulnerabilities
- RHSA-2009:0350-01 Moderate: php security update
- RHSA-2009:0421-01 Moderate: ghostscript security u...
- GLSA 200904-13 Ventrilo: Denial of Service
- USN-756-1: ClamAV vulnerability
- DSA 1770-1: New imp4 packages fix cross-site scrip...
- DSA 1754-1: New roundup packages fix privilege esc...
- ull-disclosure [ GLSA 200904-11
- DSA 1769-1: New openjdk-6 packages fix arbitrary c...
- ull-disclosure [ GLSA 200904-12
- GLSA 200904-10 Avahi: Denial of Service
- DSA 1766-1: New krb5 packages fix several vulnerab...
- GLSA 200904-09 MIT Kerberos 5: Multiple vulnerabi...
- DSA 1767-1: New multipath-tools packages fix denia...
- RHSA-2009:0377-01 Important: java-1.6.0-openjdk se...
- GLSA 200904-11 Tor: Multiple vulnerabilities
- GLSA 200904-04 WeeChat: Denial of Service
- DSA 1761-1: New moodle packages fix file disclosure
- GLSA 200904-03 Gnumeric: Untrusted search path
- DSA 1758-1: New nss-ldapd packages fix information...
- GLSA 200904-01 Openfire: Multiple vulnerabilities
- RHSA-2009:0326-01 Important: kernel security and b...
- DSA 1762-1: New icu packages fix cross site scripting
- GLSA 200903-40 Analog: Denial of Service
- RHSA-2009:0402-01 Important: openswan security update
- DSA 1759-1: New strongswan packages fix denial of ...
- RHSA-2009:0398-01 Critical: seamonkey security update
- GLSA 200903-41 gedit: Untrusted search path
-
▼
April
(30)