LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: August 1st, 2014
Linux Security Week: July 28th, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Debian: New icu packages fix cross site scripting Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Debian It was discovered that icu, the internal components for Unicode, did not properly sanitise invalid encoded data, which could lead to cross- site scripting attacks.
- ------------------------------------------------------------------------
Debian Security Advisory DSA-1762-1                  security@debian.org
http://www.debian.org/security/                      Steffen Joeris
April 02, 2009                         http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package        : icu
Vulnerability  : insufficient input sanitising
Problem type   : remote
Debian-specific: no
CVE Id         : CVE-2008-1036


It was discovered that icu, the internal components for Unicode, did
not properly sanitise invalid encoded data, which could lead to cross-
site scripting attacks.


For the stable distribution (lenny), this problem has been fixed in
version 3.8.1-3+lenny1.

For the oldstable distribution (etch), this problem has been fixed in
version 3.6-2etch2.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 4.0.1-1.


We recommend that you upgrade your icu packages.


Upgrade instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 4.0 alias etch
- -------------------------------

Debian (oldstable)
- ------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.diff.gz
    Size/MD5 checksum:    14912 d15e89ba186f4003cf0fe25523bf5b68
  http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.dsc
    Size/MD5 checksum:      600 be64e9d5a346866e9cb5c0f60243d2fe
  http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
    Size/MD5 checksum:  9778863 0f1bda1992b4adca62da68a7ad79d830

Architecture independent packages:

  http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch2_all.deb
    Size/MD5 checksum:  3334030 c6e6fbd348c8d802746a890393a767a5

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_alpha.deb
    Size/MD5 checksum:  5584350 c988d1810f2abe6aca3c530061343674
  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_alpha.deb
    Size/MD5 checksum:  7009562 489c1341f1331b8664ec201d7b0896ac

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_amd64.deb
    Size/MD5 checksum:  5444828 4cf4fecae90466c879a1b506da4b54da
  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_amd64.deb
    Size/MD5 checksum:  6584058 b74be6476a73b13f397c742dd05a46ef

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_arm.deb
    Size/MD5 checksum:  5455872 ffd9a4362bd56c95ac8c9e2d59b0f85b
  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_arm.deb
    Size/MD5 checksum:  6625136 a64d8a5965f960b7a42f175465552d1b

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_i386.deb
    Size/MD5 checksum:  6480730 bab51b594e5b159ec97c4d0a78e137d4
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_i386.deb
    Size/MD5 checksum:  5464844 6022ce1a314dc2ac9ba6a4e7c2364c0f

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_ia64.deb
    Size/MD5 checksum:  7240032 54c98bff14b4d4b9106cbe4a0f37a790
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_ia64.deb
    Size/MD5 checksum:  5865936 dfe2b9a21d02b3f6d0328076e90884b9

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mips.deb
    Size/MD5 checksum:  5747772 6f7e94aa52df7e55632aded82da5be5b
  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mips.deb
    Size/MD5 checksum:  7032276 c873f62a11e599880d349171be6724b7

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mipsel.deb
    Size/MD5 checksum:  6767430 c34cfe617b2fa3b0ac265f445a77b151
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mipsel.deb
    Size/MD5 checksum:  5462642 42cec53922ec7b565c314daca3480331

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_powerpc.deb
    Size/MD5 checksum:  6889534 dbbcea68da2b4cde02734cf8af6a8bdd
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_powerpc.deb
    Size/MD5 checksum:  5748424 4af92234d22b585cdce7912733bc309e

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_s390.deb
    Size/MD5 checksum:  6895200 637a01ea921657380bd42959e4bd5adf
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_s390.deb
    Size/MD5 checksum:  5777440 b1be81050b86652f9c1d943bc4887dc7

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_sparc.deb
    Size/MD5 checksum:  6772296 b0bb6f8d327193d0e9055e8eb8f98a51
  http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_sparc.deb
    Size/MD5 checksum:  5671528 fa33dfa1c2278405708d23cd94be6919


Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Debian (stable)
- ---------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

  http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.dsc
    Size/MD5 checksum:     1297 daaf6d8629a5cde19dcfed98bc9a84a9
  http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1.orig.tar.gz
    Size/MD5 checksum: 10591204 ca52a1eb5050478f5f7d24e16ce01f57
  http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.diff.gz
    Size/MD5 checksum:    20267 9c9d1d71c50f4deec44e95a9d5ea2530

Architecture independent packages:

  http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.8.1-3+lenny1_all.deb
    Size/MD5 checksum:  3774790 1a1cd3c7fde641350322461af9f57a37

alpha architecture (DEC Alpha)

  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_alpha.deb
    Size/MD5 checksum:  7565948 02e495e8771842e904cf67a80de61b82
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_alpha.deb
    Size/MD5 checksum:  6065532 de58265aad775defadbb2a7b6af9d88d
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_alpha.deb
    Size/MD5 checksum:  2364976 a28a051462a4b40c1ca94b663145ce16

amd64 architecture (AMD x86_64 (AMD64))

  http://security.debian.org/pool/updates/main/i/icu/lib32icu-dev_3.8.1-3+lenny1_amd64.deb
    Size/MD5 checksum:  6062920 3a90fc0d97f43436e4cca417a662b0f8
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_amd64.deb
    Size/MD5 checksum:  7131010 c7bcc67bf7ebc77254f2b5b9f312f1bb
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_amd64.deb
    Size/MD5 checksum:  2401370 d54929d018b9c28224299bad4b3fd3a7
  http://security.debian.org/pool/updates/main/i/icu/lib32icu38_3.8.1-3+lenny1_amd64.deb
    Size/MD5 checksum:  5920040 bfbb1dd39f462c2737a114f40fc3b494
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_amd64.deb
    Size/MD5 checksum:  5932356 bcf6d7dab8a71f00e702384b97cf19a4

arm architecture (ARM)

  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_arm.deb
    Size/MD5 checksum:  2286786 ce4bb8567f48cc3cf235368db8963544
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_arm.deb
    Size/MD5 checksum:  7183924 fbc8204644ef5e0fc74fc22f7d26034a
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_arm.deb
    Size/MD5 checksum:  5907872 93989d0a25c86c9e38e6317ca420fbc4

armel architecture (ARM EABI)

  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_armel.deb
    Size/MD5 checksum:  1755700 89f87c26a0ce9a7f923a05d9b2555673
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_armel.deb
    Size/MD5 checksum:  7411842 70fc597eeb9c0e9e68d0137e0216f124
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_armel.deb
    Size/MD5 checksum:  5847710 08c26011ddb182edb57549e671d6cc61

hppa architecture (HP PA RISC)

  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_hppa.deb
    Size/MD5 checksum:  6377564 b8b8b1a62a0a02dd8469f7c172d92415
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_hppa.deb
    Size/MD5 checksum:  7663982 cae24c749162aa3f4a896ec5dbde678a
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_hppa.deb
    Size/MD5 checksum:  2357154 3ba097e27ead38178bbb8f804f13d77a

i386 architecture (Intel ia32)

  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_i386.deb
    Size/MD5 checksum:  2278828 f9111677c4e7b9244bd643d748e2f18c
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_i386.deb
    Size/MD5 checksum:  5920016 7aecb5bc8fe15f0c1b5ef5c4419eab6a
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_i386.deb
    Size/MD5 checksum:  6991888 351e9f8d60f139c335bf7ea07235dc08

ia64 architecture (Intel ia64)

  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_ia64.deb
    Size/MD5 checksum:  6396240 7c56b1d5f54c9f6a4a2a6fc9698e4337
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_ia64.deb
    Size/MD5 checksum:  7825392 c99733de07fe43de5c0c1d923ebf93aa
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_ia64.deb
    Size/MD5 checksum:  2207992 757e5e5c49c66411cc7e1077808c7576

mips architecture (MIPS (Big Endian))

  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mips.deb
    Size/MD5 checksum:  7599142 1d81608602f7b3a18dc8e3d03bf603ff
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mips.deb
    Size/MD5 checksum:  6207630 d7bd482f6030f1ae4ff75c4735947b08
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mips.deb
    Size/MD5 checksum:  2472538 2f7b6f0c8a5dfa6ce877b8305a6779b0

mipsel architecture (MIPS (Little Endian))

  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_mipsel.deb
    Size/MD5 checksum:  2405182 59d89f0a9a81429ec02f87debcb8e6a3
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_mipsel.deb
    Size/MD5 checksum:  5898892 94257031e244b5b52e9cbe8e37bb1f30
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_mipsel.deb
    Size/MD5 checksum:  7293408 f70b0c75989a5983f6921ee323b99c3c

powerpc architecture (PowerPC)

  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_powerpc.deb
    Size/MD5 checksum:  6290800 bae34e705b5213d14a638350398a7d29
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_powerpc.deb
    Size/MD5 checksum:  7460598 8edd0cb02d62dfc5ce69c872e413ca39
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_powerpc.deb
    Size/MD5 checksum:  2376240 00fc0ad10f85fded7380fcaaccbe1514

s390 architecture (IBM S/390)

  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_s390.deb
    Size/MD5 checksum:  7434356 de117fb929327d908c11ede36daa9166
  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_s390.deb
    Size/MD5 checksum:  6269494 a17ae098f688e8a14bc79854013cada4
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_s390.deb
    Size/MD5 checksum:  2468406 d57fdf831571e1147f213051a50f8fdd

sparc architecture (Sun SPARC/UltraSPARC)

  http://security.debian.org/pool/updates/main/i/icu/libicu38_3.8.1-3+lenny1_sparc.deb
    Size/MD5 checksum:  6144646 e12966bb72793d7e6220eafd5ddb0c88
  http://security.debian.org/pool/updates/main/i/icu/libicu38-dbg_3.8.1-3+lenny1_sparc.deb
    Size/MD5 checksum:  2133070 454335db0966dc15c78261ef1a8fdcfc
  http://security.debian.org/pool/updates/main/i/icu/libicu-dev_3.8.1-3+lenny1_sparc.deb
    Size/MD5 checksum:  7302732 432d9fdee1502bf363d1db33ee6519ab


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Attackers can easily create dangerous file-encrypting malware, new threat suggests
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.