Ubuntu 747-1: ICU vulnerability

    Date26 Mar 2009
    CategoryUbuntu
    101
    Posted ByLinuxSecurity Advisories
    It was discovered that libicu did not correctly handle certain invalid encoded data. If a user or automated system were tricked into processing specially crafted data with applications linked against libicu, certain content filters could be bypassed. [More...]
    ===========================================================
    Ubuntu Security Notice USN-747-1             March 26, 2009
    icu vulnerability
    CVE-2008-1036
    ===========================================================
    
    A security issue affects the following Ubuntu releases:
    
    Ubuntu 6.06 LTS
    Ubuntu 7.10
    Ubuntu 8.04 LTS
    Ubuntu 8.10
    
    This advisory also applies to the corresponding versions of
    Kubuntu, Edubuntu, and Xubuntu.
    
    The problem can be corrected by upgrading your system to the
    following package versions:
    
    Ubuntu 6.06 LTS:
      libicu34                        3.4.1a-1ubuntu1.6.06.2
    
    Ubuntu 7.10:
      libicu36                        3.6-3ubuntu0.2
    
    Ubuntu 8.04 LTS:
      libicu38                        3.8-6ubuntu0.1
    
    Ubuntu 8.10:
      libicu38                        3.8.1-2ubuntu0.1
    
    After a standard system upgrade you need to restart applications linked
    against libicu, such as OpenOffice.org, to effect the necessary changes.
    
    Details follow:
    
    It was discovered that libicu did not correctly handle certain invalid
    encoded data. If a user or automated system were tricked into processing
    specially crafted data with applications linked against libicu, certain
    content filters could be bypassed.
    
    
    Updated packages for Ubuntu 6.06 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a-1ubuntu1.6.06.2.diff.gz
          Size/MD5:    16244 dcba370b3c69ede4caada2cef6097a69
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a-1ubuntu1.6.06.2.dsc
          Size/MD5:      627 c389b659aef98a101d3b809d1b9179b4
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a.orig.tar.gz
          Size/MD5:  9039695 d45f59eb03b22cff127173cd3017f2e6
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.4.1a-1ubuntu1.6.06.2_all.deb
          Size/MD5:  2916034 42b832f87d208c258594b016a27613d3
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.2_amd64.deb
          Size/MD5:  5875686 b8d2da7ecb92b29b968cddc64e2dc745
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.2_amd64.deb
          Size/MD5:  4792684 462550a7885baf62c31eaf830b6c7db0
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.2_i386.deb
          Size/MD5:  5699948 5046cc627de4e5f664db86ed0fddbbb3
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.2_i386.deb
          Size/MD5:  4738084 17eeb1616ef7872ba918d5016280380b
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.2_powerpc.deb
          Size/MD5:  6049128 836759b1e1a985e8e8dc56e25dca5f2e
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.2_powerpc.deb
          Size/MD5:  4942576 596e46c4eca4d82f0390b2498af68e76
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.2_sparc.deb
          Size/MD5:  5944400 14053337b91d73b2aa2ad6823d598acf
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.2_sparc.deb
          Size/MD5:  4870286 4aa90044609bfadd3571b74978e8de92
    
    Updated packages for Ubuntu 7.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6-3ubuntu0.2.diff.gz
          Size/MD5:    15909 0aa59cbaaef67c9c50054128e201456b
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6-3ubuntu0.2.dsc
          Size/MD5:      692 bfd481cc3f5af820727dac270cc1b287
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6.orig.tar.gz
          Size/MD5:  9778863 0f1bda1992b4adca62da68a7ad79d830
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.6-3ubuntu0.2_all.deb
          Size/MD5:  3577674 4b122a4cf856fbe2d5d27fcec6342da4
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_amd64.deb
          Size/MD5:  6589590 f9efc15ce23dad80d430547d1b9077c5
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_amd64.deb
          Size/MD5:  5497638 fb4da73e39f7c719964707b7748b204d
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_i386.deb
          Size/MD5:  6461466 5a4775a7961fc74fadd6cd020963be58
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_i386.deb
          Size/MD5:  5507326 e9e3a6ce5f63e26633d0b68ea1bf75c2
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_lpia.deb
          Size/MD5:  6478988 bfbe625b13aa749d81c8f7ff807aaf12
        http://ports.ubuntu.com/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_lpia.deb
          Size/MD5:  5505690 df250daa1fa2713c85ddb75a99b2af11
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_powerpc.deb
          Size/MD5:  6919500 701645321e08cd212a7785c06b477405
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_powerpc.deb
          Size/MD5:  5851166 e4a595757c30c55a0c35a484607a213c
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_sparc.deb
          Size/MD5:  6784998 d676d1c5abc60a82eba7ca9405cd1c39
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_sparc.deb
          Size/MD5:  5723330 5daa134cb3a8caca0d4e2a26fdbe1d7b
    
    Updated packages for Ubuntu 8.04 LTS:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8-6ubuntu0.1.diff.gz
          Size/MD5:    17433 91b7b1de2b89ebdcef23ab8e77fdc811
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8-6ubuntu0.1.dsc
          Size/MD5:      999 f908e68e219ca437d77519d7cf862534
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.orig.tar.gz
          Size/MD5: 10515206 25a997240bb83a98d4515b6a88370314
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.8-6ubuntu0.1_all.deb
          Size/MD5:  3657246 900ab0a246c578d6d4d4e6c5befca152
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu-dev_3.8-6ubuntu0.1_amd64.deb
          Size/MD5:  5997050 0e89eeddc3c6264d444366b45867c61d
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu38_3.8-6ubuntu0.1_amd64.deb
          Size/MD5:  5877840 3c6f4f4ae66a58f867342e661d72c985
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_amd64.deb
          Size/MD5:  7040202 a71cb9ac380f57bf47fd907d9af34c8e
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_amd64.deb
          Size/MD5:  2353324 8de67c16b3c0b30daee38915bfc901df
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_amd64.deb
          Size/MD5:  5873082 6d69f425a495afbbb50016ff3108265e
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_i386.deb
          Size/MD5:  6906146 181070f61f6ebc58b544d3651cf759da
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_i386.deb
          Size/MD5:  2248552 aee284ce96037513a357c83ae3fcb8be
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_i386.deb
          Size/MD5:  5876584 85065a4e8acba506070188b931186dfe
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_lpia.deb
          Size/MD5:  6928392 01b4e4324639c8e9b7d01e75d058f5a2
        http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_lpia.deb
          Size/MD5:  2285242 546e622d8f28e93bb1f7904d614f7b92
        http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_lpia.deb
          Size/MD5:  5876428 89011d2b6df82e8394a522acafc68180
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_powerpc.deb
          Size/MD5:  7373924 e2d4141adf969d1930cee65bb787a031
        http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_powerpc.deb
          Size/MD5:  2345552 121930d8b9f8d46d63861c91dd906462
        http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_powerpc.deb
          Size/MD5:  6235758 40686a9e91f303e3b62bda937c05ceee
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_sparc.deb
          Size/MD5:  7245714 cdb3c8b31b9e7d06d8a5f8b1902573f8
        http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_sparc.deb
          Size/MD5:  2124956 27dda5d787b2721e4a9d8831e2188c91
        http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_sparc.deb
          Size/MD5:  6106468 0edb46093a85263adfbfde054a7dd66a
    
    Updated packages for Ubuntu 8.10:
    
      Source archives:
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-2ubuntu0.1.diff.gz
          Size/MD5:    20684 e29cd0d24c6eff8df6aa84b3870436a7
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-2ubuntu0.1.dsc
          Size/MD5:     1389 2bdd4abf5a9a4b4d9adb778995a516dc
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1.orig.tar.gz
          Size/MD5: 10591204 ca52a1eb5050478f5f7d24e16ce01f57
    
      Architecture independent packages:
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.8.1-2ubuntu0.1_all.deb
          Size/MD5:  3657524 f53a4fe91321a48c000f3dacf5831ebf
    
      amd64 architecture (Athlon64, Opteron, EM64T Xeon):
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu-dev_3.8.1-2ubuntu0.1_amd64.deb
          Size/MD5:  6063168 94e72e7c83473542ca163d0814d023b9
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu38_3.8.1-2ubuntu0.1_amd64.deb
          Size/MD5:  5926752 fd9b6a51d6ceec5c3def8a17940ac839
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_amd64.deb
          Size/MD5:  7124714 22ba2900462f28661b35c45313278386
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_amd64.deb
          Size/MD5:  2422072 70543124daaec75cf7ece7f399f03c2e
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_amd64.deb
          Size/MD5:  5935486 df58d1b4e2c97fa03b322e2d57d7f40d
    
      i386 architecture (x86 compatible Intel/AMD):
    
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_i386.deb
          Size/MD5:  6979534 60bb47b69df7623fdbd1cfd72dbc8399
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_i386.deb
          Size/MD5:  2294250 8fd201cda783cb232fbd86526c45989f
        http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_i386.deb
          Size/MD5:  5925606 939a221f55d9ba035ade57ca7df826ae
    
      lpia architecture (Low Power Intel Architecture):
    
        http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_lpia.deb
          Size/MD5:  6991368 1d90c0dce7d8ebc583f7e236e5d9c866
        http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_lpia.deb
          Size/MD5:  2325380 ef6431dd1b7932a5e19e582267f6b858
        http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_lpia.deb
          Size/MD5:  5918506 d7fedf038baecb191c99a6afb7d8bc50
    
      powerpc architecture (Apple Macintosh G3/G4/G5):
    
        http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_powerpc.deb
          Size/MD5:  7453914 b353f8f570a196ef114dc6ba0dbfb8f1
        http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_powerpc.deb
          Size/MD5:  2404798 d706e47bf92812dc4ea05f5743e20d89
        http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_powerpc.deb
          Size/MD5:  6297760 773cabdc4bfc7d11b0bf43e6f5b3361d
    
      sparc architecture (Sun SPARC/UltraSPARC):
    
        http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_sparc.deb
          Size/MD5:  7310418 cff10011702e40730ab226fa42f7dcca
        http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_sparc.deb
          Size/MD5:  2155336 122d757002a50ee8bb48103e132fb995
        http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_sparc.deb
          Size/MD5:  6149156 db33747648e2baf54cf5791aa9574686
    
    
    
    You are not authorised to post comments.

    Comments powered by CComment

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"22","type":"x","order":"1","pct":55,"resources":[]},{"id":"88","title":"Should be more technical","votes":"5","type":"x","order":"2","pct":12.5,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"13","type":"x","order":"3","pct":32.5,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.