"Ubuntu Security Notice USN-846-1 October 08, 2009
icu vulnerability
CVE-2009-0153
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 8.04 LTS:
libicu38 3.8-6ubuntu0.2
Ubuntu 8.10:
libicu38 3.8.1-2ubuntu0.2
Ubuntu 9.04:
libicu38 3.8.1-3ubuntu1.1
After a standard system upgrade you need to restart applications linked
against libicu, such as OpenOffice.org, to effect the necessary changes.
Details follow:
It was discovered that ICU did not properly handle invalid byte sequences
during Unicode conversion. If an application using ICU processed crafted
data, content security mechanisms could be bypassed, potentially leading to
cross-site scripting (XSS) attacks.
Updated packages for Ubuntu 8.04 LTS:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8-6ubuntu0.2.diff.gz
Size/MD5: 39891 a9003bd5c90941d57b87b15da535c7ad
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8-6ubuntu0.2.dsc
Size/MD5: 999 39c79a838f98141852055e5a87a825de
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.orig.tar.gz
Size/MD5: 10515206 25a997240bb83a98d4515b6a88370314
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.8-6ubuntu0.2_all.deb
Size/MD5: 3658652 a0fb7bd752ac152d52d80f8bd2478e91
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu-dev_3.8-6ubuntu0.2_amd64.deb
Size/MD5: 5998738 56ad82b318d679eade7cc8f711a1d884
http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu38_3.8-6ubuntu0.2_amd64.deb
Size/MD5: 5878874 ef2ef3d16baf3ca869cdbc0912a01548
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.2_amd64.deb
Size/MD5: 7041876 e497c872182c8ebdfda82fa059dc835e
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.2_amd64.deb
Size/MD5: 2355482 8b03119266dbd457d4dfe79d0fc89f56
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8-6ubuntu0.2_amd64.deb
Size/MD5: 5874242 33c74e01cb617ff55d2fe95b39b86561
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.2_i386.deb
Size/MD5: 6908186 631b3f268a7037b3971c2d173db599de
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.2_i386.deb
Size/MD5: 2251190 efb0783d113baa1cff2a049e7b80e43b
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8-6ubuntu0.2_i386.deb
Size/MD5: 5877908 b09ecf646ae698d7a9a8520827945568
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.2_lpia.deb
Size/MD5: 6930696 0f6d24c80f44889e97897c9978bcee11
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.2_lpia.deb
Size/MD5: 2287226 e9824136cf28017ff39b2cfb6a981884
http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.2_lpia.deb
Size/MD5: 5877624 9279deb9a8aca6b8b60a00429cf8136f
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.2_powerpc.deb
Size/MD5: 7375762 1b59c57da88ce9993d0d153641e13494
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.2_powerpc.deb
Size/MD5: 2347482 92e939e93e9e411f0e6b426465e18479
http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.2_powerpc.deb
Size/MD5: 6238046 994b10686f5ed140c18617f4f78f0177
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.2_sparc.deb
Size/MD5: 7247458 6089dcd7579f524163608101c7027be7
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.2_sparc.deb
Size/MD5: 2127014 4e8138da6801a39a88d10b63b1a768c6
http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.2_sparc.deb
Size/MD5: 6108574 76a749c0a9bd1ed8779da473d860c91f
Updated packages for Ubuntu 8.10:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-2ubuntu0.2.diff.gz
Size/MD5: 43579 1e1ee08a9a83f3068f5f23431898bef1
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-2ubuntu0.2.dsc
Size/MD5: 1389 9baccafe2b13277610c386b592cf0ed7
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1.orig.tar.gz
Size/MD5: 10591204 ca52a1eb5050478f5f7d24e16ce01f57
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.8.1-2ubuntu0.2_all.deb
Size/MD5: 3659052 11dcd169aafa532554920b1466a12e52
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu-dev_3.8.1-2ubuntu0.2_amd64.deb
Size/MD5: 6064634 caae8ed67cd66a42528ff5f0c9aaecb1
http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu38_3.8.1-2ubuntu0.2_amd64.deb
Size/MD5: 5929202 fcb92eab71ecf6406e16327165af7791
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.2_amd64.deb
Size/MD5: 7126190 107bb9a78c39d899012cbe375ee37a8c
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.2_amd64.deb
Size/MD5: 2423734 a0a4ed6ae35fb6a60692fed43c7ee443
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.2_amd64.deb
Size/MD5: 5937460 6a182ef6c96fab5f2631dd3a9e395609
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.2_i386.deb
Size/MD5: 6981288 750c0842c0147488135148a987bca196
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.2_i386.deb
Size/MD5: 2296366 f79f87af19276d6af395fa8d0eb9f09a
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.2_i386.deb
Size/MD5: 5928488 a8558984b776f0171b14f4ec108fca28
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.2_lpia.deb
Size/MD5: 6992836 902a1c03427a58c720402a06d9da2fbc
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.2_lpia.deb
Size/MD5: 2327890 9531ab6ac64ee71af0ae3584884fe892
http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.2_lpia.deb
Size/MD5: 5920830 f87977fad30a35898ca12f611ed3ee37
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.2_powerpc.deb
Size/MD5: 7455188 c5c2db6fcc9bd5d1a528bd319feeb4c1
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.2_powerpc.deb
Size/MD5: 2406824 688b85689752e7978f596b87648978e2
http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.2_powerpc.deb
Size/MD5: 6298424 3ebc1c901a357ecea521150fb30250bc
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.2_sparc.deb
Size/MD5: 7311880 36eebf24a69e614c5bc0f7b43ad72150
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.2_sparc.deb
Size/MD5: 2157374 679d30b126527c91ddcb681809614bd0
http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.2_sparc.deb
Size/MD5: 6150954 2fe31d4eb7b23de32c44f9e3475f0030
Updated packages for Ubuntu 9.04:
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-3ubuntu1.1.diff.gz
Size/MD5: 43714 5e24c0f825a070416b978f6de6c7d796
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-3ubuntu1.1.dsc
Size/MD5: 1389 4503103f041db170525fd0fbb682b278
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1.orig.tar.gz
Size/MD5: 10591204 ca52a1eb5050478f5f7d24e16ce01f57
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.8.1-3ubuntu1.1_all.deb
Size/MD5: 3668642 083d032886854500ded9abc473282c4d
amd64 architecture (Athlon64, Opteron, EM64T Xeon):
http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu-dev_3.8.1-3ubuntu1.1_amd64.deb
Size/MD5: 6064504 8e0b693019abb069b38acaee91565f83
http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu38_3.8.1-3ubuntu1.1_amd64.deb
Size/MD5: 5928680 dbb2368817c78e9c733acf866fedf943
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-3ubuntu1.1_amd64.deb
Size/MD5: 7126066 14644c84ac505cc6b2447c740af43884
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-3ubuntu1.1_amd64.deb
Size/MD5: 2428650 fa5a5c2531a39e4b06ed724aee66059a
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-3ubuntu1.1_amd64.deb
Size/MD5: 5937502 ff048b56c05fb4e3ba7c5fc06a074e92
i386 architecture (x86 compatible Intel/AMD):
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-3ubuntu1.1_i386.deb
Size/MD5: 6981110 571c6c5f2606a5fbf004f11cc86431bf
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-3ubuntu1.1_i386.deb
Size/MD5: 2302390 acad6ee28a76d3ffac30e91e07dd5dfa
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-3ubuntu1.1_i386.deb
Size/MD5: 5927786 259fdc0762375dc7b51fc50cbe3aa7b5
lpia architecture (Low Power Intel Architecture):
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-3ubuntu1.1_lpia.deb
Size/MD5: 6992504 6740813793e38eb7fdbaec0efd442efb
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-3ubuntu1.1_lpia.deb
Size/MD5: 2334178 cbe4fcd316651002077b35bf9dc06645
http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-3ubuntu1.1_lpia.deb
Size/MD5: 5920926 8ec24b877e58bbc67f647d55a7812a16
powerpc architecture (Apple Macintosh G3/G4/G5):
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-3ubuntu1.1_powerpc.deb
Size/MD5: 7455026 876d12de93bff14dbe019f24716c1128
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-3ubuntu1.1_powerpc.deb
Size/MD5: 2414094 8c0f3f24ef70a713e11700354782d1df
http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-3ubuntu1.1_powerpc.deb
Size/MD5: 6298526 94481c1ea5d4e206bd524edf240822c0
sparc architecture (Sun SPARC/UltraSPARC):
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-3ubuntu1.1_sparc.deb
Size/MD5: 7311548 1b599818a69e112f261b14b5e25958db
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-3ubuntu1.1_sparc.deb
Size/MD5: 2161718 db4c497cb59c8463f24db8cbb409a812
http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-3ubuntu1.1_sparc.deb
Size/MD5: 6150712 d902eed5ac198d3ed0749cbc25dd4ce6
--n8g4imXOkfNTN/H1
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEUEARECAAYFAkrOL40ACgkQW0JvuRdL8BqlIQCgmSdG5ordak2rTdC4oFjwv7Sx
lxAAmJTcY7onT3gbgf01qg9Z8f+Aao4=
Bz
-----END PGP SIGNATURE-----
"
USN-845-1: Pan vulnerabilityRihanna saved millions on new home
This entry was posted
on 3:51 PM
.
Archives
-
▼
2009
(488)
-
▼
October
(44)
- DSA 1915-1: New Linux 2.6.26 packages fix several ...
- RHSA-2009:1529-01 Moderate: samba security update
- USN-850-2: poppler regression
- GLSA 200910-03 Adobe Reader: Multiple vulnerabili...
- DSA 1919-1: New smarty packages fix several vulner...
- DSA 1917-1: New mimetex packages fix several vulne...
- DSA 1912-2: New advi packages fix arbitrary code e...
- GLSA 200910-02 Pidgin: Multiple vulnerabilities
- USN-850-1: poppler vulnerabilities
- RHSA-2009:1522-01 Moderate: kernel security and bu...
- RHSA-2009:1512-01 Important: kdegraphics security ...
- DSA 1912-1: New camlimages fix arbitrary code exec...
- DSA 1913-1: New bugzilla packages fix SQL injection
- DSA 1911-1: New pygresql packages provide secure e...
- RHSA-2009:1499-01 Critical: acroread security update
- RHSA-2009:1501-01 Important: xpdf security update
- USN-848-1: Zope vulnerabilities
- RHSA-2009:1503-01 Important: gpdf security update
- RHSA-2009:1505-01 Moderate: java-1.4.2-ibm securit...
- RHSA-2009:1504-01 Important: poppler security and ...
- DSA 1910-1: New mysql-ocaml packages provide secur...
- USN-849-1: libsndfile vulnerabilities
- RHSA-2009:1502-01 Important: kdegraphics security ...
- RHSA-2009:1513-01 Moderate: cups security update
- USN-847-1: Devscripts vulnerability
- DSA 1895-2: New opensaml2 and shibboleth-sp2 packa...
- DSA 1906-1: End-of-life announcement for clamav in...
- USN-846-1: ICU vulnerability
- USN-845-1: Pan vulnerability
- RHSA-2009:1484-01 Moderate: postgresql security up...
- USN-843-1: BackupPC vulnerability
- USN-842-1: Wget vulnerability
- USN-841-1: GLib vulnerability
- DSA 1902-1: New elinks packages fix arbitrary code...
- DSA 1899-1: New strongswan packages fix denial of ...
- DSA 1901-1: New mediawiki1.7 packages fix several ...
- RHSA-2009:1471-01 Important: elinks security update
- USN-839-1: Samba vulnerabilities
- DSA 1898-1: New openswan packages fix denial of se...
- RHSA-2009:1470-01 Moderate: openssh security update
- USN-838-1: Dovecot vulnerabilities
- RHSA-2009:1472-01 Moderate: xen security and bug f...
- RHSA-2009:1469-01 Important: kernel security update
- RHSA-2009:1455-01 Moderate: kernel security and bu...
-
▼
October
(44)