[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [USN-846-1] ICU vulnerability



===========================================================
Ubuntu Security Notice USN-846-1           October 08, 2009
icu vulnerability
CVE-2009-0153
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libicu38                        3.8-6ubuntu0.2

Ubuntu 8.10:
  libicu38                        3.8.1-2ubuntu0.2

Ubuntu 9.04:
  libicu38                        3.8.1-3ubuntu1.1

After a standard system upgrade you need to restart applications linked
against libicu, such as OpenOffice.org, to effect the necessary changes.

Details follow:

It was discovered that ICU did not properly handle invalid byte sequences
during Unicode conversion. If an application using ICU processed crafted
data, content security mechanisms could be bypassed, potentially leading to
cross-site scripting (XSS) attacks.


Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8-6ubuntu0.2.diff.gz
      Size/MD5:    39891 a9003bd5c90941d57b87b15da535c7ad
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8-6ubuntu0.2.dsc
      Size/MD5:      999 39c79a838f98141852055e5a87a825de
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.orig.tar.gz
      Size/MD5: 10515206 25a997240bb83a98d4515b6a88370314

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.8-6ubuntu0.2_all.deb
      Size/MD5:  3658652 a0fb7bd752ac152d52d80f8bd2478e91

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu-dev_3.8-6ubuntu0.2_amd64.deb
      Size/MD5:  5998738 56ad82b318d679eade7cc8f711a1d884
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu38_3.8-6ubuntu0.2_amd64.deb
      Size/MD5:  5878874 ef2ef3d16baf3ca869cdbc0912a01548
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.2_amd64.deb
      Size/MD5:  7041876 e497c872182c8ebdfda82fa059dc835e
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.2_amd64.deb
      Size/MD5:  2355482 8b03119266dbd457d4dfe79d0fc89f56
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8-6ubuntu0.2_amd64.deb
      Size/MD5:  5874242 33c74e01cb617ff55d2fe95b39b86561

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.2_i386.deb
      Size/MD5:  6908186 631b3f268a7037b3971c2d173db599de
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.2_i386.deb
      Size/MD5:  2251190 efb0783d113baa1cff2a049e7b80e43b
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8-6ubuntu0.2_i386.deb
      Size/MD5:  5877908 b09ecf646ae698d7a9a8520827945568

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.2_lpia.deb
      Size/MD5:  6930696 0f6d24c80f44889e97897c9978bcee11
    http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.2_lpia.deb
      Size/MD5:  2287226 e9824136cf28017ff39b2cfb6a981884
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.2_lpia.deb
      Size/MD5:  5877624 9279deb9a8aca6b8b60a00429cf8136f

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.2_powerpc.deb
      Size/MD5:  7375762 1b59c57da88ce9993d0d153641e13494
    
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.2_powerpc.deb
      Size/MD5:  2347482 92e939e93e9e411f0e6b426465e18479
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.2_powerpc.deb
      Size/MD5:  6238046 994b10686f5ed140c18617f4f78f0177

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.2_sparc.deb
      Size/MD5:  7247458 6089dcd7579f524163608101c7027be7
    
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.2_sparc.deb
      Size/MD5:  2127014 4e8138da6801a39a88d10b63b1a768c6
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.2_sparc.deb
      Size/MD5:  6108574 76a749c0a9bd1ed8779da473d860c91f

Updated packages for Ubuntu 8.10:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-2ubuntu0.2.diff.gz
      Size/MD5:    43579 1e1ee08a9a83f3068f5f23431898bef1
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-2ubuntu0.2.dsc
      Size/MD5:     1389 9baccafe2b13277610c386b592cf0ed7
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1.orig.tar.gz
      Size/MD5: 10591204 ca52a1eb5050478f5f7d24e16ce01f57

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.8.1-2ubuntu0.2_all.deb
      Size/MD5:  3659052 11dcd169aafa532554920b1466a12e52

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu-dev_3.8.1-2ubuntu0.2_amd64.deb
      Size/MD5:  6064634 caae8ed67cd66a42528ff5f0c9aaecb1
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu38_3.8.1-2ubuntu0.2_amd64.deb
      Size/MD5:  5929202 fcb92eab71ecf6406e16327165af7791
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.2_amd64.deb
      Size/MD5:  7126190 107bb9a78c39d899012cbe375ee37a8c
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.2_amd64.deb
      Size/MD5:  2423734 a0a4ed6ae35fb6a60692fed43c7ee443
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.2_amd64.deb
      Size/MD5:  5937460 6a182ef6c96fab5f2631dd3a9e395609

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.2_i386.deb
      Size/MD5:  6981288 750c0842c0147488135148a987bca196
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.2_i386.deb
      Size/MD5:  2296366 f79f87af19276d6af395fa8d0eb9f09a
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.2_i386.deb
      Size/MD5:  5928488 a8558984b776f0171b14f4ec108fca28

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.2_lpia.deb
      Size/MD5:  6992836 902a1c03427a58c720402a06d9da2fbc
    
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.2_lpia.deb
      Size/MD5:  2327890 9531ab6ac64ee71af0ae3584884fe892
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.2_lpia.deb
      Size/MD5:  5920830 f87977fad30a35898ca12f611ed3ee37

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.2_powerpc.deb
      Size/MD5:  7455188 c5c2db6fcc9bd5d1a528bd319feeb4c1
    
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.2_powerpc.deb
      Size/MD5:  2406824 688b85689752e7978f596b87648978e2
    
http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.2_powerpc.deb
      Size/MD5:  6298424 3ebc1c901a357ecea521150fb30250bc

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.2_sparc.deb
      Size/MD5:  7311880 36eebf24a69e614c5bc0f7b43ad72150
    
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.2_sparc.deb
      Size/MD5:  2157374 679d30b126527c91ddcb681809614bd0
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.2_sparc.deb
      Size/MD5:  6150954 2fe31d4eb7b23de32c44f9e3475f0030

Updated packages for Ubuntu 9.04:

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-3ubuntu1.1.diff.gz
      Size/MD5:    43714 5e24c0f825a070416b978f6de6c7d796
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-3ubuntu1.1.dsc
      Size/MD5:     1389 4503103f041db170525fd0fbb682b278
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1.orig.tar.gz
      Size/MD5: 10591204 ca52a1eb5050478f5f7d24e16ce01f57

  Architecture independent packages:

    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.8.1-3ubuntu1.1_all.deb
      Size/MD5:  3668642 083d032886854500ded9abc473282c4d

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu-dev_3.8.1-3ubuntu1.1_amd64.deb
      Size/MD5:  6064504 8e0b693019abb069b38acaee91565f83
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu38_3.8.1-3ubuntu1.1_amd64.deb
      Size/MD5:  5928680 dbb2368817c78e9c733acf866fedf943
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-3ubuntu1.1_amd64.deb
      Size/MD5:  7126066 14644c84ac505cc6b2447c740af43884
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-3ubuntu1.1_amd64.deb
      Size/MD5:  2428650 fa5a5c2531a39e4b06ed724aee66059a
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-3ubuntu1.1_amd64.deb
      Size/MD5:  5937502 ff048b56c05fb4e3ba7c5fc06a074e92

  i386 architecture (x86 compatible Intel/AMD):

    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-3ubuntu1.1_i386.deb
      Size/MD5:  6981110 571c6c5f2606a5fbf004f11cc86431bf
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-3ubuntu1.1_i386.deb
      Size/MD5:  2302390 acad6ee28a76d3ffac30e91e07dd5dfa
    
http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-3ubuntu1.1_i386.deb
      Size/MD5:  5927786 259fdc0762375dc7b51fc50cbe3aa7b5

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-3ubuntu1.1_lpia.deb
      Size/MD5:  6992504 6740813793e38eb7fdbaec0efd442efb
    
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-3ubuntu1.1_lpia.deb
      Size/MD5:  2334178 cbe4fcd316651002077b35bf9dc06645
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-3ubuntu1.1_lpia.deb
      Size/MD5:  5920926 8ec24b877e58bbc67f647d55a7812a16

  powerpc architecture (Apple Macintosh G3/G4/G5):

    
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-3ubuntu1.1_powerpc.deb
      Size/MD5:  7455026 876d12de93bff14dbe019f24716c1128
    
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-3ubuntu1.1_powerpc.deb
      Size/MD5:  2414094 8c0f3f24ef70a713e11700354782d1df
    
http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-3ubuntu1.1_powerpc.deb
      Size/MD5:  6298526 94481c1ea5d4e206bd524edf240822c0

  sparc architecture (Sun SPARC/UltraSPARC):

    
http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-3ubuntu1.1_sparc.deb
      Size/MD5:  7311548 1b599818a69e112f261b14b5e25958db
    
http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-3ubuntu1.1_sparc.deb
      Size/MD5:  2161718 db4c497cb59c8463f24db8cbb409a812
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-3ubuntu1.1_sparc.deb
      Size/MD5:  6150712 d902eed5ac198d3ed0749cbc25dd4ce6


Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/