Debian: New libicu packages fix multiple problems
Summary
- ------------------------------------------------------------------------Debian Security Advisory DSA-1511-1 security@debian.org http://www.debian.org/security/ Steve Kemp March 03, 2008 http://www.debian.org/security/faq - ------------------------------------------------------------------------Package : libicu Vulnerability : various Problem type : local Debian-specific: no CVE Id(s) : 2007-4770 2007-4771 Debian Bug : 463688 Several local vulnerabilities have been discovered in libicu, International Components for Unicode, The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-4770 libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames. CVE-2007-4771 Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. For the stable distribution (etch), these problems have been fixed in version 3.6-2etch1. For the unstable distribution (sid), these problems have been fixed in version 3.8-6. We recommend that you upgrade your libicu package. Upgrade instructions - --------------------wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 4.0 alias etch - -------------------------------Source archives: Size/MD5 checksum: 9778863 0f1bda1992b4adca62da68a7ad79d830 Size/MD5 checksum: 591 13dcea6b1c9a282147b99c4867db6ee8 Size/MD5 checksum: 9552 82e560098b24b245872b163a522a80b8 Architecture independent packages: Size/MD5 checksum: 3332194 5da76263265814905245b97daec4c1c3 alpha architecture (DEC Alpha) Size/MD5 checksum: 7028746 b6b13d0fa262501923c97a859b400d10 Size/MD5 checksum: 5581984 0cd37ce9f234b9207accc424dc191f49 amd64 architecture (AMD x86_64 (AMD64)) Size/MD5 checksum: 6585582 9fe0ee74625a985628c9af096dd13827 Size/MD5 checksum: 5444228 250851db4a613e9a5d0029d73c1196c0 arm architecture (ARM) Size/MD5 checksum: 6631114 a73ff442415ca3bc336f1fb49e3aa701 Size/MD5 checksum: 5458358 c6d533fd7c1c51efbac58d2a96a386fb hppa architecture (HP PA RISC) Size/MD5 checksum: 7090294 aadca0bc8fb9307ea7fe293406a10e5f Size/MD5 checksum: 5909956 07bd8e6c733072fca8b96cc10e210a68 i386 architecture (Intel ia32) Size/MD5 checksum: 5468656 532aa02d6d67d4b6527ac8c29c9d110e Size/MD5 checksum: 6465540 bfd4d908b552bba2d871771f86369ec7 ia64 architecture (Intel ia64) Size/MD5 checksum: 7238880 10b410fcd460e47c3619de88167b74f5 Size/MD5 checksum: 5865536 dbc0ec913f08682cec4f1b75d35e0531 mips architecture (MIPS (Big Endian)) Size/MD5 checksum: 7047506 c0b327e8229d1d4d33131453cdac6508 Size/MD5 checksum: 5748172 126a2f0bb4b61cc54d70edb882191576 powerpc architecture (PowerPC) Size/MD5 checksum: 5747754 8bc631ad394a86e11c24c5b9ffd76f1d Size/MD5 checksum: 6888906 c5542d6d957327fd6f540029f4195772 s390 architecture (IBM S/390) Size/MD5 checksum: 5776762 16a114247a39201f3966ff4f22b80342 Size/MD5 checksum: 6895102 15624240d20d2e0aa7a29bbc90895908 sparc architecture (Sun SPARC/UltraSPARC) Size/MD5 checksum: 5671256 2c7a50b1fe50dbe4b3ef8995d91e5946 Size/MD5 checksum: 6771832 84a95a10934106c8cfc409032191de98 These files will probably be moved into the stable distribution on its next update. - ---------------------------------------------------------------------------------For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: dists/stable/updates/main Mailing list: debian-security-announce@lists.debian.org