LinuxSecurity.com
Ubuntu: ICU vulnerability
Posted by Benjamin D. Thomas
It was discovered that libicu did not correctly handle certain invalid encoded data. If a user or automated system were tricked into processing specially crafted data with applications linked against libicu, certain content filters could be bypassed.
===========================================================
Ubuntu Security Notice USN-747-1             March 26, 2009
icu vulnerability
CVE-2008-1036
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 6.06 LTS
Ubuntu 7.10
Ubuntu 8.04 LTS
Ubuntu 8.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 6.06 LTS:
  libicu34                        3.4.1a-1ubuntu1.6.06.2

Ubuntu 7.10:
  libicu36                        3.6-3ubuntu0.2

Ubuntu 8.04 LTS:
  libicu38                        3.8-6ubuntu0.1

Ubuntu 8.10:
  libicu38                        3.8.1-2ubuntu0.1

After a standard system upgrade you need to restart applications linked
against libicu, such as OpenOffice.org, to effect the necessary changes.
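
A check for the restart step above, as an added example that is not part of the Ubuntu notice: after the upgrade, a process that still maps the old library shows it in /proc/<pid>/maps with a "(deleted)" suffix. The function names, the script name and the sample maps lines are constructed for illustration, and the `libicu*.so` filename pattern is an assumption about how the library files are named.

```shell
#!/bin/sh
# Added example: find processes still running the pre-upgrade libicu.

# Constructed /proc/<pid>/maps sample (addresses, inodes and the
# application path are made up for illustration).
sample_maps() {
    cat <<'EOF'
08048000-08052000 r-xp 00000000 08:01 4021 /usr/bin/example-app
b7c00000-b7d20000 r-xp 00000000 08:01 9001 /usr/lib/libicuuc.so.38.0 (deleted)
b7d20000-b7d28000 rw-p 00120000 08:01 9001 /usr/lib/libicuuc.so.38.0 (deleted)
b7a00000-b7b40000 r-xp 00000000 08:01 9002 /usr/lib/libicui18n.so.38.0 (deleted)
b7e00000-b7f30000 r-xp 00000000 08:01 9100 /lib/libc-2.7.so
b7f40000-b7f41000 rw-p 00000000 00:00 0
b7900000-b7910000 r-xp 00000000 08:01 9300 /tmp/cache.tmp (deleted)
EOF
}

# Print the libicu objects in a maps file whose inode has been unlinked.
# The kernel appends " (deleted)" to the path once the file is replaced,
# which is what a package upgrade does to the old shared object.
stale_libicu() {
    awk '$NF == "(deleted)" && $6 ~ /\/libicu[a-z0-9]*\.so/ { print $6 }' "$1" |
        LC_ALL=C sort -u
}

# Walk /proc and print "pid command-line" for each process to restart.
scan_running() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        hits=$(stale_libicu "$maps" 2>/dev/null) || continue
        [ -n "$hits" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        printf '%s %s\n' "$pid" "$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)"
    done
}

# Live scan only on request, e.g. (hypothetical script name):
#   sudo sh check-libicu.sh --scan
if [ "${1:-}" = "--scan" ]; then
    scan_running
fi
```

Run the scan as root so that the maps files of other users' processes are readable; an empty result means no running process still holds the old library.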

Details follow:

It was discovered that libicu did not correctly handle certain invalid
encoded data. If a user or automated system were tricked into processing
specially crafted data with applications linked against libicu, certain
content filters could be bypassed.


Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a-1ubuntu1.6.06.2.diff.gz
      Size/MD5:    16244 dcba370b3c69ede4caada2cef6097a69
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a-1ubuntu1.6.06.2.dsc
      Size/MD5:      627 c389b659aef98a101d3b809d1b9179b4
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a.orig.tar.gz
      Size/MD5:  9039695 d45f59eb03b22cff127173cd3017f2e6

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.4.1a-1ubuntu1.6.06.2_all.deb
      Size/MD5:  2916034 42b832f87d208c258594b016a27613d3

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.2_amd64.deb
      Size/MD5:  5875686 b8d2da7ecb92b29b968cddc64e2dc745
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.2_amd64.deb
      Size/MD5:  4792684 462550a7885baf62c31eaf830b6c7db0

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.2_i386.deb
      Size/MD5:  5699948 5046cc627de4e5f664db86ed0fddbbb3
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.2_i386.deb
      Size/MD5:  4738084 17eeb1616ef7872ba918d5016280380b

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.2_powerpc.deb
      Size/MD5:  6049128 836759b1e1a985e8e8dc56e25dca5f2e
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.2_powerpc.deb
      Size/MD5:  4942576 596e46c4eca4d82f0390b2498af68e76

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.2_sparc.deb
      Size/MD5:  5944400 14053337b91d73b2aa2ad6823d598acf
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.2_sparc.deb
      Size/MD5:  4870286 4aa90044609bfadd3571b74978e8de92

Updated packages for Ubuntu 7.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6-3ubuntu0.2.diff.gz
      Size/MD5:    15909 0aa59cbaaef67c9c50054128e201456b
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6-3ubuntu0.2.dsc
      Size/MD5:      692 bfd481cc3f5af820727dac270cc1b287
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6.orig.tar.gz
      Size/MD5:  9778863 0f1bda1992b4adca62da68a7ad79d830

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.6-3ubuntu0.2_all.deb
      Size/MD5:  3577674 4b122a4cf856fbe2d5d27fcec6342da4

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_amd64.deb
      Size/MD5:  6589590 f9efc15ce23dad80d430547d1b9077c5
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_amd64.deb
      Size/MD5:  5497638 fb4da73e39f7c719964707b7748b204d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_i386.deb
      Size/MD5:  6461466 5a4775a7961fc74fadd6cd020963be58
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_i386.deb
      Size/MD5:  5507326 e9e3a6ce5f63e26633d0b68ea1bf75c2

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_lpia.deb
      Size/MD5:  6478988 bfbe625b13aa749d81c8f7ff807aaf12
    http://ports.ubuntu.com/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_lpia.deb
      Size/MD5:  5505690 df250daa1fa2713c85ddb75a99b2af11

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_powerpc.deb
      Size/MD5:  6919500 701645321e08cd212a7785c06b477405
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_powerpc.deb
      Size/MD5:  5851166 e4a595757c30c55a0c35a484607a213c

  sparc architecture (Sun SPARC/UltraSPARC):

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.2_sparc.deb
      Size/MD5:  6784998 d676d1c5abc60a82eba7ca9405cd1c39
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.2_sparc.deb
      Size/MD5:  5723330 5daa134cb3a8caca0d4e2a26fdbe1d7b

Updated packages for Ubuntu 8.04 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8-6ubuntu0.1.diff.gz
      Size/MD5:    17433 91b7b1de2b89ebdcef23ab8e77fdc811
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8-6ubuntu0.1.dsc
      Size/MD5:      999 f908e68e219ca437d77519d7cf862534
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.orig.tar.gz
      Size/MD5: 10515206 25a997240bb83a98d4515b6a88370314

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.8-6ubuntu0.1_all.deb
      Size/MD5:  3657246 900ab0a246c578d6d4d4e6c5befca152

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu-dev_3.8-6ubuntu0.1_amd64.deb
      Size/MD5:  5997050 0e89eeddc3c6264d444366b45867c61d
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu38_3.8-6ubuntu0.1_amd64.deb
      Size/MD5:  5877840 3c6f4f4ae66a58f867342e661d72c985
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_amd64.deb
      Size/MD5:  7040202 a71cb9ac380f57bf47fd907d9af34c8e
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_amd64.deb
      Size/MD5:  2353324 8de67c16b3c0b30daee38915bfc901df
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_amd64.deb
      Size/MD5:  5873082 6d69f425a495afbbb50016ff3108265e

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_i386.deb
      Size/MD5:  6906146 181070f61f6ebc58b544d3651cf759da
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_i386.deb
      Size/MD5:  2248552 aee284ce96037513a357c83ae3fcb8be
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_i386.deb
      Size/MD5:  5876584 85065a4e8acba506070188b931186dfe

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_lpia.deb
      Size/MD5:  6928392 01b4e4324639c8e9b7d01e75d058f5a2
    http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_lpia.deb
      Size/MD5:  2285242 546e622d8f28e93bb1f7904d614f7b92
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_lpia.deb
      Size/MD5:  5876428 89011d2b6df82e8394a522acafc68180

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_powerpc.deb
      Size/MD5:  7373924 e2d4141adf969d1930cee65bb787a031
    http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_powerpc.deb
      Size/MD5:  2345552 121930d8b9f8d46d63861c91dd906462
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_powerpc.deb
      Size/MD5:  6235758 40686a9e91f303e3b62bda937c05ceee

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8-6ubuntu0.1_sparc.deb
      Size/MD5:  7245714 cdb3c8b31b9e7d06d8a5f8b1902573f8
    http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8-6ubuntu0.1_sparc.deb
      Size/MD5:  2124956 27dda5d787b2721e4a9d8831e2188c91
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8-6ubuntu0.1_sparc.deb
      Size/MD5:  6106468 0edb46093a85263adfbfde054a7dd66a

Updated packages for Ubuntu 8.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-2ubuntu0.1.diff.gz
      Size/MD5:    20684 e29cd0d24c6eff8df6aa84b3870436a7
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1-2ubuntu0.1.dsc
      Size/MD5:     1389 2bdd4abf5a9a4b4d9adb778995a516dc
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.8.1.orig.tar.gz
      Size/MD5: 10591204 ca52a1eb5050478f5f7d24e16ce01f57

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.8.1-2ubuntu0.1_all.deb
      Size/MD5:  3657524 f53a4fe91321a48c000f3dacf5831ebf

  amd64 architecture (Athlon64, Opteron, EM64T Xeon):

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu-dev_3.8.1-2ubuntu0.1_amd64.deb
      Size/MD5:  6063168 94e72e7c83473542ca163d0814d023b9
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/lib32icu38_3.8.1-2ubuntu0.1_amd64.deb
      Size/MD5:  5926752 fd9b6a51d6ceec5c3def8a17940ac839
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_amd64.deb
      Size/MD5:  7124714 22ba2900462f28661b35c45313278386
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_amd64.deb
      Size/MD5:  2422072 70543124daaec75cf7ece7f399f03c2e
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_amd64.deb
      Size/MD5:  5935486 df58d1b4e2c97fa03b322e2d57d7f40d

  i386 architecture (x86 compatible Intel/AMD):

    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_i386.deb
      Size/MD5:  6979534 60bb47b69df7623fdbd1cfd72dbc8399
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_i386.deb
      Size/MD5:  2294250 8fd201cda783cb232fbd86526c45989f
    http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_i386.deb
      Size/MD5:  5925606 939a221f55d9ba035ade57ca7df826ae

  lpia architecture (Low Power Intel Architecture):

    http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_lpia.deb
      Size/MD5:  6991368 1d90c0dce7d8ebc583f7e236e5d9c866
    http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_lpia.deb
      Size/MD5:  2325380 ef6431dd1b7932a5e19e582267f6b858
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_lpia.deb
      Size/MD5:  5918506 d7fedf038baecb191c99a6afb7d8bc50

  powerpc architecture (Apple Macintosh G3/G4/G5):

    http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_powerpc.deb
      Size/MD5:  7453914 b353f8f570a196ef114dc6ba0dbfb8f1
    http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_powerpc.deb
      Size/MD5:  2404798 d706e47bf92812dc4ea05f5743e20d89
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_powerpc.deb
      Size/MD5:  6297760 773cabdc4bfc7d11b0bf43e6f5b3361d

  sparc architecture (Sun SPARC/UltraSPARC):

    http://ports.ubuntu.com/pool/main/i/icu/libicu-dev_3.8.1-2ubuntu0.1_sparc.deb
      Size/MD5:  7310418 cff10011702e40730ab226fa42f7dcca
    http://ports.ubuntu.com/pool/main/i/icu/libicu38-dbg_3.8.1-2ubuntu0.1_sparc.deb
      Size/MD5:  2155336 122d757002a50ee8bb48103e132fb995
    http://ports.ubuntu.com/pool/main/i/icu/libicu38_3.8.1-2ubuntu0.1_sparc.deb
      Size/MD5:  6149156 db33747648e2baf54cf5791aa9574686


