===========================================================
Ubuntu Security Notice USN-846-1           October 08, 2009
icu vulnerability
CVE-2009-0153
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 8.04 LTS
Ubuntu 8.10
Ubuntu 9.04

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 8.04 LTS:
  libicu38                        3.8-6ubuntu0.2

Ubuntu 8.10:
  libicu38                        3.8.1-2ubuntu0.2

Ubuntu 9.04:
  libicu38                        3.8.1-3ubuntu1.1

After a standard system upgrade you need to restart applications linked
against libicu, such as OpenOffice.org, to effect the necessary changes.

Details follow:

It was discovered that ICU did not properly handle invalid byte sequences
during Unicode conversion. If an application using ICU processed crafted
data, content security mechanisms could be bypassed, potentially leading to
cross-site scripting (XSS) attacks.
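To find the applications that still need the restart the advisory calls for, the following added example (not part of the Ubuntu notice) looks for ICU shared objects that a process still has mapped after the upgrade replaced them on disk; Linux marks such mappings "(deleted)" in /proc/<pid>/maps. The sample listing is constructed, and the library path pattern is an assumption about where libicu38 installs its files.

```python
import os
import re

# An ICU shared object that was unlinked while still mapped, for example
# "/usr/lib/libicuuc.so.38.1 (deleted)". The path layout is an assumption.
STALE_ICU = re.compile(r"(/\S*libicu[a-z0-9]*\.so[\w.]*) \(deleted\)$")

def stale_icu_libs(maps_text):
    """Return the deleted-but-still-mapped ICU libraries in one maps listing."""
    found = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode pathname
        if len(fields) < 6:
            continue  # anonymous mapping, no pathname
        match = STALE_ICU.search(fields[5].strip())
        if match:
            found.add(match.group(1))  # one entry per library, not per segment
    return sorted(found)

def scan_proc(proc_root="/proc"):
    """Map pid -> stale ICU libraries for every process whose maps is readable."""
    results = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps")) as fh:
                libs = stale_icu_libs(fh.read())
        except OSError:
            continue  # process exited, or its maps file is not readable by us
        if libs:
            results[int(entry)] = libs
    return results

# Constructed sample of a /proc/<pid>/maps listing taken after the upgrade.
SAMPLE_MAPS = """\
08048000-080a1000 r-xp 00000000 08:01 131094 /usr/bin/example-app
b7c10000-b7d2e000 r-xp 00000000 08:01 393301 /usr/lib/libicuuc.so.38.1 (deleted)
b7d2e000-b7d36000 rw-p 0011e000 08:01 393301 /usr/lib/libicuuc.so.38.1 (deleted)
b7a00000-b7b4c000 r-xp 00000000 08:01 393297 /usr/lib/libicui18n.so.38.1 (deleted)
b79e0000-b79f5000 r-xp 00000000 08:01 393410 /usr/lib/libz.so.1.2.3.3 (deleted)
b7f00000-b7f02000 rw-p 00000000 00:00 0
"""

if __name__ == "__main__":
    for pid, libs in sorted(scan_proc().items()):
        print(pid, ", ".join(libs))
```

Run it as root to see every process; an unprivileged run only reports processes owned by the invoking user.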
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/