
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1762-1                  security@debian.org
http://www.debian.org/security/                      Steffen Joeris
April 02, 2009                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : icu
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2008-1036


It was discovered that icu, the internal components for Unicode, did
not properly sanitise invalid encoded data, which could lead to cross-site scripting attacks.


For the stable distribution (lenny), this problem has been fixed in
version 3.8.1-3+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 3.6-2etch2.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 4.0.1-1.


We recommend that you upgrade your icu packages.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:    14912 d15e89ba186f4003cf0fe25523bf5b68
      Size/MD5 checksum:      600 be64e9d5a346866e9cb5c0f60243d2fe
      Size/MD5 checksum:  9778863 0f1bda1992b4adca62da68a7ad79d830

Architecture independent packages:

      Size/MD5 checksum:  3334030 c6e6fbd348c8d802746a890393a767a5

alpha architecture (DEC Alpha)

      Size/MD5 checksum:  5584350 c988d1810f2abe6aca3c530061343674
      Size/MD5 checksum:  7009562 489c1341f1331b8664ec201d7b0896ac

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:  5444828 4cf4fecae90466c879a1b506da4b54da
      Size/MD5 checksum:  6584058 b74be6476a73b13f397c742dd05a46ef

arm architecture (ARM)

      Size/MD5 checksum:  5455872 ffd9a4362bd56c95ac8c9e2d59b0f85b
      Size/MD5 checksum:  6625136 a64d8a5965f960b7a42f175465552d1b

i386 architecture (Intel ia32)

      Size/MD5 checksum:  6480730 bab51b594e5b159ec97c4d0a78e137d4
      Size/MD5 checksum:  5464844 6022ce1a314dc2ac9ba6a4e7c2364c0f

ia64 architecture (Intel ia64)

      Size/MD5 checksum:  7240032 54c98bff14b4d4b9106cbe4a0f37a790
      Size/MD5 checksum:  5865936 dfe2b9a21d02b3f6d0328076e90884b9

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:  5747772 6f7e94aa52df7e55632aded82da5be5b
      Size/MD5 checksum:  7032276 c873f62a11e599880d349171be6724b7

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:  6767430 c34cfe617b2fa3b0ac265f445a77b151
      Size/MD5 checksum:  5462642 42cec53922ec7b565c314daca3480331

powerpc architecture (PowerPC)

      Size/MD5 checksum:  6889534 dbbcea68da2b4cde02734cf8af6a8bdd
      Size/MD5 checksum:  5748424 4af92234d22b585cdce7912733bc309e

s390 architecture (IBM S/390)

      Size/MD5 checksum:  6895200 637a01ea921657380bd42959e4bd5adf
      Size/MD5 checksum:  5777440 b1be81050b86652f9c1d943bc4887dc7

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:  6772296 b0bb6f8d327193d0e9055e8eb8f98a51
      Size/MD5 checksum:  5671528 fa33dfa1c2278405708d23cd94be6919


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

      Size/MD5 checksum:     1297 daaf6d8629a5cde19dcfed98bc9a84a9
      Size/MD5 checksum: 10591204 ca52a1eb5050478f5f7d24e16ce01f57
      Size/MD5 checksum:    20267 9c9d1d71c50f4deec44e95a9d5ea2530

Architecture independent packages:

      Size/MD5 checksum:  3774790 1a1cd3c7fde641350322461af9f57a37

alpha architecture (DEC Alpha)

      Size/MD5 checksum:  7565948 02e495e8771842e904cf67a80de61b82
      Size/MD5 checksum:  6065532 de58265aad775defadbb2a7b6af9d88d
      Size/MD5 checksum:  2364976 a28a051462a4b40c1ca94b663145ce16

amd64 architecture (AMD x86_64 (AMD64))

      Size/MD5 checksum:  6062920 3a90fc0d97f43436e4cca417a662b0f8
      Size/MD5 checksum:  7131010 c7bcc67bf7ebc77254f2b5b9f312f1bb
      Size/MD5 checksum:  2401370 d54929d018b9c28224299bad4b3fd3a7
      Size/MD5 checksum:  5920040 bfbb1dd39f462c2737a114f40fc3b494
      Size/MD5 checksum:  5932356 bcf6d7dab8a71f00e702384b97cf19a4

arm architecture (ARM)

      Size/MD5 checksum:  2286786 ce4bb8567f48cc3cf235368db8963544
      Size/MD5 checksum:  7183924 fbc8204644ef5e0fc74fc22f7d26034a
      Size/MD5 checksum:  5907872 93989d0a25c86c9e38e6317ca420fbc4

armel architecture (ARM EABI)

      Size/MD5 checksum:  1755700 89f87c26a0ce9a7f923a05d9b2555673
      Size/MD5 checksum:  7411842 70fc597eeb9c0e9e68d0137e0216f124
      Size/MD5 checksum:  5847710 08c26011ddb182edb57549e671d6cc61

hppa architecture (HP PA RISC)

      Size/MD5 checksum:  6377564 b8b8b1a62a0a02dd8469f7c172d92415
      Size/MD5 checksum:  7663982 cae24c749162aa3f4a896ec5dbde678a
      Size/MD5 checksum:  2357154 3ba097e27ead38178bbb8f804f13d77a

i386 architecture (Intel ia32)

      Size/MD5 checksum:  2278828 f9111677c4e7b9244bd643d748e2f18c
      Size/MD5 checksum:  5920016 7aecb5bc8fe15f0c1b5ef5c4419eab6a
      Size/MD5 checksum:  6991888 351e9f8d60f139c335bf7ea07235dc08

ia64 architecture (Intel ia64)

      Size/MD5 checksum:  6396240 7c56b1d5f54c9f6a4a2a6fc9698e4337
      Size/MD5 checksum:  7825392 c99733de07fe43de5c0c1d923ebf93aa
      Size/MD5 checksum:  2207992 757e5e5c49c66411cc7e1077808c7576

mips architecture (MIPS (Big Endian))

      Size/MD5 checksum:  7599142 1d81608602f7b3a18dc8e3d03bf603ff
      Size/MD5 checksum:  6207630 d7bd482f6030f1ae4ff75c4735947b08
      Size/MD5 checksum:  2472538 2f7b6f0c8a5dfa6ce877b8305a6779b0

mipsel architecture (MIPS (Little Endian))

      Size/MD5 checksum:  2405182 59d89f0a9a81429ec02f87debcb8e6a3
      Size/MD5 checksum:  5898892 94257031e244b5b52e9cbe8e37bb1f30
      Size/MD5 checksum:  7293408 f70b0c75989a5983f6921ee323b99c3c

powerpc architecture (PowerPC)

      Size/MD5 checksum:  6290800 bae34e705b5213d14a638350398a7d29
      Size/MD5 checksum:  7460598 8edd0cb02d62dfc5ce69c872e413ca39
      Size/MD5 checksum:  2376240 00fc0ad10f85fded7380fcaaccbe1514

s390 architecture (IBM S/390)

      Size/MD5 checksum:  7434356 de117fb929327d908c11ede36daa9166
      Size/MD5 checksum:  6269494 a17ae098f688e8a14bc79854013cada4
      Size/MD5 checksum:  2468406 d57fdf831571e1147f213051a50f8fdd

sparc architecture (Sun SPARC/UltraSPARC)

      Size/MD5 checksum:  6144646 e12966bb72793d7e6220eafd5ddb0c88
      Size/MD5 checksum:  2133070 454335db0966dc15c78261ef1a8fdcfc
      Size/MD5 checksum:  7302732 432d9fdee1502bf363d1db33ee6519ab


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp:  dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

Debian: DSA-1762-1: New icu packages fix cross site scripting

April 3, 2009

It was discovered that icu, the internal components for Unicode, did not properly sanitise invalid encoded data, which could lead to cross- site scripting attacks

Summary

It was discovered that icu, the internal components for Unicode, did
not properly sanitise invalid encoded data, which could lead to cross-site scripting attacks.

For the stable distribution (lenny), this problem has been fixed in
version 3.8.1-3+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 3.6-2etch2.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 4.0.1-1.

We recommend that you upgrade your icu packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

Size/MD5 checksum: 14912 d15e89ba186f4003cf0fe25523bf5b68
Size/MD5 checksum: 600 be64e9d5a346866e9cb5c0f60243d2fe
Size/MD5 checksum: 9778863 0f1bda1992b4adca62da68a7ad79d830

Architecture independent packages:

Size/MD5 checksum: 3334030 c6e6fbd348c8d802746a890393a767a5

alpha architecture (DEC Alpha)

Size/MD5 checksum: 5584350 c988d1810f2abe6aca3c530061343674
Size/MD5 checksum: 7009562 489c1341f1331b8664ec201d7b0896ac

amd64 architecture (AMD x86_64 (AMD64))

Size/MD5 checksum: 5444828 4cf4fecae90466c879a1b506da4b54da
Size/MD5 checksum: 6584058 b74be6476a73b13f397c742dd05a46ef

arm architecture (ARM)

Size/MD5 checksum: 5455872 ffd9a4362bd56c95ac8c9e2d59b0f85b
Size/MD5 checksum: 6625136 a64d8a5965f960b7a42f175465552d1b

i386 architecture (Intel ia32)

Size/MD5 checksum: 6480730 bab51b594e5b159ec97c4d0a78e137d4
Size/MD5 checksum: 5464844 6022ce1a314dc2ac9ba6a4e7c2364c0f

ia64 architecture (Intel ia64)

Size/MD5 checksum: 7240032 54c98bff14b4d4b9106cbe4a0f37a790
Size/MD5 checksum: 5865936 dfe2b9a21d02b3f6d0328076e90884b9

mips architecture (MIPS (Big Endian))

Size/MD5 checksum: 5747772 6f7e94aa52df7e55632aded82da5be5b
Size/MD5 checksum: 7032276 c873f62a11e599880d349171be6724b7

mipsel architecture (MIPS (Little Endian))

Size/MD5 checksum: 6767430 c34cfe617b2fa3b0ac265f445a77b151
Size/MD5 checksum: 5462642 42cec53922ec7b565c314daca3480331

powerpc architecture (PowerPC)

Size/MD5 checksum: 6889534 dbbcea68da2b4cde02734cf8af6a8bdd
Size/MD5 checksum: 5748424 4af92234d22b585cdce7912733bc309e

s390 architecture (IBM S/390)

Size/MD5 checksum: 6895200 637a01ea921657380bd42959e4bd5adf
Size/MD5 checksum: 5777440 b1be81050b86652f9c1d943bc4887dc7

sparc architecture (Sun SPARC/UltraSPARC)

Size/MD5 checksum: 6772296 b0bb6f8d327193d0e9055e8eb8f98a51
Size/MD5 checksum: 5671528 fa33dfa1c2278405708d23cd94be6919

Debian GNU/Linux 5.0 alias lenny

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

Size/MD5 checksum: 1297 daaf6d8629a5cde19dcfed98bc9a84a9
Size/MD5 checksum: 10591204 ca52a1eb5050478f5f7d24e16ce01f57
Size/MD5 checksum: 20267 9c9d1d71c50f4deec44e95a9d5ea2530

Architecture independent packages:

Size/MD5 checksum: 3774790 1a1cd3c7fde641350322461af9f57a37

alpha architecture (DEC Alpha)

Size/MD5 checksum: 7565948 02e495e8771842e904cf67a80de61b82
Size/MD5 checksum: 6065532 de58265aad775defadbb2a7b6af9d88d
Size/MD5 checksum: 2364976 a28a051462a4b40c1ca94b663145ce16

amd64 architecture (AMD x86_64 (AMD64))

Size/MD5 checksum: 6062920 3a90fc0d97f43436e4cca417a662b0f8
Size/MD5 checksum: 7131010 c7bcc67bf7ebc77254f2b5b9f312f1bb
Size/MD5 checksum: 2401370 d54929d018b9c28224299bad4b3fd3a7
Size/MD5 checksum: 5920040 bfbb1dd39f462c2737a114f40fc3b494
Size/MD5 checksum: 5932356 bcf6d7dab8a71f00e702384b97cf19a4

arm architecture (ARM)

Size/MD5 checksum: 2286786 ce4bb8567f48cc3cf235368db8963544
Size/MD5 checksum: 7183924 fbc8204644ef5e0fc74fc22f7d26034a
Size/MD5 checksum: 5907872 93989d0a25c86c9e38e6317ca420fbc4

armel architecture (ARM EABI)

Size/MD5 checksum: 1755700 89f87c26a0ce9a7f923a05d9b2555673
Size/MD5 checksum: 7411842 70fc597eeb9c0e9e68d0137e0216f124
Size/MD5 checksum: 5847710 08c26011ddb182edb57549e671d6cc61

hppa architecture (HP PA RISC)

Size/MD5 checksum: 6377564 b8b8b1a62a0a02dd8469f7c172d92415
Size/MD5 checksum: 7663982 cae24c749162aa3f4a896ec5dbde678a
Size/MD5 checksum: 2357154 3ba097e27ead38178bbb8f804f13d77a

i386 architecture (Intel ia32)

Size/MD5 checksum: 2278828 f9111677c4e7b9244bd643d748e2f18c
Size/MD5 checksum: 5920016 7aecb5bc8fe15f0c1b5ef5c4419eab6a
Size/MD5 checksum: 6991888 351e9f8d60f139c335bf7ea07235dc08

ia64 architecture (Intel ia64)

Size/MD5 checksum: 6396240 7c56b1d5f54c9f6a4a2a6fc9698e4337
Size/MD5 checksum: 7825392 c99733de07fe43de5c0c1d923ebf93aa
Size/MD5 checksum: 2207992 757e5e5c49c66411cc7e1077808c7576

mips architecture (MIPS (Big Endian))

Size/MD5 checksum: 7599142 1d81608602f7b3a18dc8e3d03bf603ff
Size/MD5 checksum: 6207630 d7bd482f6030f1ae4ff75c4735947b08
Size/MD5 checksum: 2472538 2f7b6f0c8a5dfa6ce877b8305a6779b0

mipsel architecture (MIPS (Little Endian))

Size/MD5 checksum: 2405182 59d89f0a9a81429ec02f87debcb8e6a3
Size/MD5 checksum: 5898892 94257031e244b5b52e9cbe8e37bb1f30
Size/MD5 checksum: 7293408 f70b0c75989a5983f6921ee323b99c3c

powerpc architecture (PowerPC)

Size/MD5 checksum: 6290800 bae34e705b5213d14a638350398a7d29
Size/MD5 checksum: 7460598 8edd0cb02d62dfc5ce69c872e413ca39
Size/MD5 checksum: 2376240 00fc0ad10f85fded7380fcaaccbe1514

s390 architecture (IBM S/390)

Size/MD5 checksum: 7434356 de117fb929327d908c11ede36daa9166
Size/MD5 checksum: 6269494 a17ae098f688e8a14bc79854013cada4
Size/MD5 checksum: 2468406 d57fdf831571e1147f213051a50f8fdd

sparc architecture (Sun SPARC/UltraSPARC)

Size/MD5 checksum: 6144646 e12966bb72793d7e6220eafd5ddb0c88
Size/MD5 checksum: 2133070 454335db0966dc15c78261ef1a8fdcfc
Size/MD5 checksum: 7302732 432d9fdee1502bf363d1db33ee6519ab

These files will probably be moved into the stable distribution on
its next update.

For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show ' and http://packages.debian.org/

Severity

Debian: DSA-1762-1: New icu packages fix cross site scripting

Summary

Related News

Get the Latest News & Insights

News

Advisories

HOWTOs

Features

About Us

Powered By