[USN-747-1] ICU vulnerability
Subject: [USN-747-1] ICU vulnerability
From: Marc Deslauriers <marc.deslauriers@canonical.com.>
Reply-To: Ubuntu Security <security@ubuntu.com.>
To: [email protected]
Cc: "[email protected]" <bugtraq@securityfocus.com.>,
[email protected]
Date: Thu, 26 Mar 2009 15:28:21 -0400
Message-Id: <1238095701.13798.6.camel@mdlinux.technorage.com.>
===========================================================
Ubuntu Security Notice USN-747-1 March 26, 2009
icu vulnerability
CVE-2008-1036
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10
This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.
The problem can be corrected by upgrading your system to the
following package versions:
Ubuntu 6.06 LTS:
  libicu34                        3.4.1a-1ubuntu1.6.06.2
Ubuntu 7.10:
  libicu36                        3.6-3ubuntu0.2
Ubuntu 8.04 LTS:
  libicu38                        3.8-6ubuntu0.1
Ubuntu 8.10:
  libicu38                        3.8.1-2ubuntu0.1
After a standard system upgrade you need to restart applications linked
against libicu, such as OpenOffice.org, to effect the necessary changes.
Details follow:
It was discovered that libicu did not correctly handle certain invalid
encoded data. If a user or automated system were tricked into processing
specially crafted data with applications linked against libicu, certain
content filters could be bypassed.
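
One way to verify the two steps the notice asks for, the upgrade and the restart of applications linked against libicu, is sketched below. This is an added example, not part of the original notice: the function names are hypothetical, the fixed versions are copied from the list above, and the sample `/proc/PID/maps` lines are constructed.

```shell
#!/bin/sh
# Added example. Fixed versions are copied from USN-747-1 above; the sample
# /proc/PID/maps lines at the end are constructed for illustration.

# Print the fixed version for a package on a given Ubuntu release.
fixed_version() {  # usage: fixed_version PACKAGE RELEASE
    case "$1:$2" in
        libicu34:6.06) echo "3.4.1a-1ubuntu1.6.06.2" ;;
        libicu36:7.10) echo "3.6-3ubuntu0.2" ;;
        libicu38:8.04) echo "3.8-6ubuntu0.1" ;;
        libicu38:8.10) echo "3.8.1-2ubuntu0.1" ;;
        *) return 1 ;;
    esac
}

# Exit 0 if the installed package is at or above the fixed version.
# 2 = package/release not covered by the advisory, 3 = not installed.
is_patched() {  # usage: is_patched libicu38 "$(lsb_release -rs)"
    want=$(fixed_version "$1" "$2") || return 2
    have=$(dpkg-query -W -f='${Version}' "$1" 2>/dev/null) || return 3
    [ -n "$have" ] || return 3
    dpkg --compare-versions "$have" ge "$want"
}

# Read /proc/PID/maps text on stdin; succeed if a libicu shared object is
# mapped from a file the upgrade has since replaced ("(deleted)").
stale_libicu_in_maps() {
    grep -Eq '/libicu[a-z0-9]*\.so[^ ]* \(deleted\)$'
}

# Print the PIDs of running processes that still map the old library.
# Needs root to read the maps of other users' processes.
list_stale_pids() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        if cat "$maps" 2>/dev/null | stale_libicu_in_maps; then
            echo "$pid"
        fi
    done
}

# Constructed sample lines: the same mapping before and after a restart.
SAMPLE_STALE='b7a10000-b7b30000 r-xp 00000000 08:01 393245 /usr/lib/libicuuc.so.38.0 (deleted)'
SAMPLE_FRESH='b7a10000-b7b30000 r-xp 00000000 08:01 401122 /usr/lib/libicuuc.so.38.0'
```

A process listed by `list_stale_pids` is still running the pre-upgrade library code even when `is_patched` succeeds, which is why the notice requires the restart.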