Forum: >>> Magnum BBS <<<

[SECURITY] [DSA 1889-1] New icu packages correct multibyte sequence par

From Moritz Muehlenhoff@1:229/2 to All on Wed Sep 16 21:20:06 2009

From: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ------------------------------------------------------------------------ Debian Security Advisory DSA-1889-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff September 16, 2009 http://www.debian.org/security/faq
- ------------------------------------------------------------------------

Package : icu
Vulnerability : programming error
Problem type : local(remote)
Debian-specific: no
CVE Id(s) : CVE-2009-0153

It was discovered that the ICU unicode library performed incorrect
processing of invalid multibyte sequences, resulting in potential
bypass of security mechanisms.

For the old stable distribution (etch), this problem has been fixed in
version 3.6-2etch3.

For the stable distribution (lenny), this problem has been fixed in
version 3.8.1-3+lenny2.

For the unstable distribution (sid), this problem has been fixed in
version 4.0.1-1.

We recommend that you upgrade your icu packages.

Upgrade instructions
- --------------------

wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
will update the internal database
apt-get upgrade
will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 4.0 alias etch
- -------------------------------

Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch3.dsc
Size/MD5 checksum: 592 8b600075600533ce08c9801ffa571a19
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch3.diff.gz
Size/MD5 checksum: 45190 601af38fe10a27e08e40985c409bc6c4
http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
Size/MD5 checksum: 9778863 0f1bda1992b4adca62da68a7ad79d830

Architecture independent packages:

http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch3_all.deb
Size/MD5 checksum: 3239572 8bf16fb7db375fb14de7082bcb814733

alpha architecture (DEC Alpha)

http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_alpha.deb
Size/MD5 checksum: 5586140 1244a1b89188c020a97468dc25d22af7
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_alpha.deb
Size/MD5 checksum: 7012868 8680617bb8c38f6abef169b572a76baa

amd64 architecture (AMD x86_64 (AMD64))

http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_amd64.deb
Size/MD5 checksum: 5444866 f9271ec21977880f74955cfe06b7580d
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_amd64.deb
Size/MD5 checksum: 6573726 25374ce8e6ae12b655a9744db65b9455

hppa architecture (HP PA RISC)

http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_hppa.deb
Size/MD5 checksum: 5913798 20c8976b23d28d9bc91ea053748d79e0
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_hppa.deb
Size/MD5 checksum: 7110674 bee82145df32672bf5d61e29dd3d6bc3

i386 architecture (Intel ia32)

http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_i386.deb
Size/MD5 checksum: 6466444 d8e1c31e6f1d238353340a9b82da1ed8
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_i386.deb
Size/MD5 checksum: 5470148 f5d9e50ecb224df9ae4f0c7057097f54

ia64 architecture (Intel ia64)

http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_ia64.deb
Size/MD5 checksum: 5869036 c305e7cff86ad5584c4842fec7619fd8
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_ia64.deb
Size/MD5 checksum: 7243932 effc8dc2ed962de903e848ff402c167a

mips architecture (MIPS (Big Endian))

http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_mips.deb
Size/MD5 checksum: 5747354 39624db186bbf7ce259c47681d0a1cfc
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_mips.deb
Size/MD5 checksum: 7052540 c159699731d592ec60fcfd4bbe010a51

mipsel architecture (MIPS (Little Endian))

http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_mipsel.deb
Size/MD5 checksum: 6769230 32e24d0b40b3f2e62e0c2c4c4be96dce
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_mipsel.deb
Size/MD5 checksum: 5464426 5f544b29dd41d8326ddfd70b31e4045a

powerpc architecture (PowerPC)

http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_powerpc.deb
Size/MD5 checksum: 6891510 af8e8b416b43a9d6c5f5893dd63261d6
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_powerpc.deb
Size/MD5 checksum: 5750422 ec7b53398b703da8f7e166a33768e260

s390 architecture (IBM S/390)

http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_s390.deb
Size/MD5 checksum: 6896648 d6e3cde239924756df46b084e80388d4
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_s390.deb
Size/MD5 checksum: 5781028 e5c3b53fdcda2562a206d92b15a5f520

sparc architecture (Sun SPARC/UltraSPARC)

http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch3_sparc.deb
Size/MD5 checksum: 6774462 94ce55cf609a906af5336f32b6c2ee22
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch3_sparc.deb
Size/MD5 checksum: 5673738 d63d35c169da448d83074fa45e25ed64

Debian GNU/Linux 5.0 alias lenny
- --------------------------------

Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.

Source archives:

http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny2.diff.gz
Size/MD5 checksum: 41943 57d76fe9884c543a634bfd44425a42c6
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1.orig.tar.gz
Size/MD5 checksum: 10591204 ca52a1eb5050478f5f7d24e16ce01f57

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)

Who's Online
Recent Visitors
- Krenn
  Sun Jun 7 03:07:26 2026
  from Sydney, Nsw via Telnet
- Krenn
  Sun Jun 7 01:30:12 2026
  from Sydney, Nsw via Telnet
- Centurion
  Sat Jun 6 23:27:30 2026
  from Berea, Ohio via Telnet
- Ab Cadd
  Sat Jun 6 15:42:53 2026
  from Sheboygan, Wi via Telnet
- Centurion
  Sat Jun 6 15:32:28 2026
  from Berea, Ohio via Telnet
- Krenn
  Sat Jun 6 11:38:56 2026
  from Sydney, Nsw via Telnet
- Furryboy
  Sat Jun 6 10:56:29 2026
  from Romania, Galati via SSH
- Centurion
  Fri Jun 5 22:28:01 2026
  from Berea, Ohio via Telnet

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (0 / 16)
Uptime:	161:46:23
Calls:	12,094
Calls today:	2
Files:	15,000
Messages:	6,517,778

[SECURITY] [DSA 1889-1] New icu packages correct multibyte sequence par

Who's Online

Recent Visitors

System Info