=========================================================== Ubuntu Security Notice USN-591-1 March 24, 2008 icu vulnerabilities CVE-2007-4770, CVE-2007-4771 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. The problem can be corrected by upgrading your system to the following package versions: Ubuntu 6.06 LTS: libicu34 3.4.1a-1ubuntu1.6.06.1 Ubuntu 6.10: libicu34 3.4.1a-1ubuntu1.6.10.1 Ubuntu 7.04: libicu36 3.6-2ubuntu0.1 Ubuntu 7.10: libicu36 3.6-3ubuntu0.1 After a standard system upgrade you need to restart applications linked against libicu, such as OpenOffice.org, to effect the necessary changes. Details follow: Will Drewry discovered that libicu did not properly handle '\0' when processing regular expressions. If an application linked against libicu processed a crafted regular expression, an attacker could execute arbitrary code with privileges of the user invoking the program. (CVE-2007-4770) Will Drewry discovered that libicu did not properly limit its backtracking stack size. If an application linked against libicu processed a crafted regular expression, an attacker could cause a denial of service via resource exhaustion. (CVE-2007-4771) Updated packages for Ubuntu 6.06 LTS: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a-1ubuntu1.6.06.1.diff.gz Size/MD5: 10972 445f415e082f042548258f4c6c232558 http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a-1ubuntu1.6.06.1.dsc Size/MD5: 619 523a7f45138a6053c2603ed6eb480fca http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a.orig.tar.gz Size/MD5: 9039695 d45f59eb03b22cff127173cd3017f2e6 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.4.1a-1ubuntu1.6.06.1_all.deb Size/MD5: 2915712 1101422b4eb7e5acdd12acc13336715a amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.1_amd64.deb Size/MD5: 5875030 1ae964fbf3734b1c00549de786e2bbba http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.1_amd64.deb Size/MD5: 4792062 d7a03747efc590dfe4dea95158689d4f i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.1_i386.deb Size/MD5: 5699304 981af70894449430248adf3d9e0db9b6 http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.1_i386.deb Size/MD5: 4737488 6464d31ea0559635c6198dff1f4bf5bd powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.1_powerpc.deb Size/MD5: 6048294 ca2d43737af359f7eacd578e25e079ce http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.1_powerpc.deb Size/MD5: 4941578 6cd24bc1bded8547014b75e34216ec4d sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.06.1_sparc.deb Size/MD5: 5943896 cf5fbe8f8aae07d732d96729647f174e http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.06.1_sparc.deb Size/MD5: 4869890 71f8ee63a63ace3f17e77432cae0b4e7 Updated packages for Ubuntu 6.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a-1ubuntu1.6.10.1.diff.gz Size/MD5: 10981 810042a363ce70adbd4804b1e35ede3c http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a-1ubuntu1.6.10.1.dsc Size/MD5: 619 7ba7b3d16d5293cd6917d023a9978f6e http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.4.1a.orig.tar.gz Size/MD5: 9039695 d45f59eb03b22cff127173cd3017f2e6 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.4.1a-1ubuntu1.6.10.1_all.deb Size/MD5: 2909022 aa55332464e3d391f414afaa8093f37f amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.10.1_amd64.deb Size/MD5: 5871754 160edb49c21f746f207e2b6d8f151067 http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.10.1_amd64.deb Size/MD5: 4786816 afd1356e6b85cab7d2f75747f8aa7d03 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.10.1_i386.deb Size/MD5: 5750086 f3742740fef98eaaafc5145c7e895a2e http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.10.1_i386.deb Size/MD5: 4778408 51fd4d3cf2022aa3937076f7306f3085 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.10.1_powerpc.deb Size/MD5: 6060132 0c186f814c29f4d4ad5297ec59531a7e http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.10.1_powerpc.deb Size/MD5: 4945796 b95c4837ec0172ebc50b2596151bb127 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34-dev_3.4.1a-1ubuntu1.6.10.1_sparc.deb Size/MD5: 5950430 a912d9ab99e4f564346048ad014a689e http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu34_3.4.1a-1ubuntu1.6.10.1_sparc.deb Size/MD5: 4870650 939584895a0acc1fb47643c57551ae53 Updated packages for Ubuntu 7.04: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6-2ubuntu0.1.diff.gz Size/MD5: 9568 992a805cfdf2bef53375bb692fade0ae http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6-2ubuntu0.1.dsc Size/MD5: 683 811a2836307eb6b553a47234455782c8 http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6.orig.tar.gz Size/MD5: 9778863 0f1bda1992b4adca62da68a7ad79d830 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.6-2ubuntu0.1_all.deb Size/MD5: 3239258 59e41f56b3e9b0967586f601fc786686 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-2ubuntu0.1_amd64.deb Size/MD5: 6582372 05738b95cbea7e71f1c7389acea343c0 http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-2ubuntu0.1_amd64.deb Size/MD5: 5494132 3b37f4197509a3815a588837377926ab i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-2ubuntu0.1_i386.deb Size/MD5: 6455976 6131cb6505978764cfa87cc00f3bde55 http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-2ubuntu0.1_i386.deb Size/MD5: 5502928 cc171e6c651af8798679d670317aecb4 powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-2ubuntu0.1_powerpc.deb Size/MD5: 6914678 3fc12666b60c32e1e766940458e86f8b http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-2ubuntu0.1_powerpc.deb Size/MD5: 5847506 3e87c31f56a17142293819375fb9b055 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-2ubuntu0.1_sparc.deb Size/MD5: 6782112 abe3146ed84e2bf73a406d031c07bb1b http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-2ubuntu0.1_sparc.deb Size/MD5: 5722818 6a81975ae3038438ce649b104524c66c Updated packages for Ubuntu 7.10: Source archives: http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6-3ubuntu0.1.diff.gz Size/MD5: 10669 c9fc07570c6cadd992b3e7c5967d675c http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6-3ubuntu0.1.dsc Size/MD5: 684 7ff1ab80feb3886e98be54ea84c743fa http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu_3.6.orig.tar.gz Size/MD5: 9778863 0f1bda1992b4adca62da68a7ad79d830 Architecture independent packages: http://security.ubuntu.com/ubuntu/pool/main/i/icu/icu-doc_3.6-3ubuntu0.1_all.deb Size/MD5: 3577326 864f4915d072d28288646ccfe3fcf564 amd64 architecture (Athlon64, Opteron, EM64T Xeon): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.1_amd64.deb Size/MD5: 6588894 3c3c78d3f960c6b461e5de948e1ad36f http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.1_amd64.deb Size/MD5: 5497318 c65272d6afba5a3cd299757cd24e4311 i386 architecture (x86 compatible Intel/AMD): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.1_i386.deb Size/MD5: 6460842 1b5ddf800807d301b81c9079e52bb886 http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.1_i386.deb Size/MD5: 5507380 7e4d0bd96a552c06640a32687b7aebee powerpc architecture (Apple Macintosh G3/G4/G5): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.1_powerpc.deb Size/MD5: 6918592 74498356923f4a2388c15576f93f98f4 http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.1_powerpc.deb Size/MD5: 5850296 6461c9debe8d2b6811cdca0c00209658 sparc architecture (Sun SPARC/UltraSPARC): http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36-dev_3.6-3ubuntu0.1_sparc.deb Size/MD5: 6784336 548e4edca27774f28ffc26b5c721ab8d http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu36_3.6-3ubuntu0.1_sparc.deb Size/MD5: 5723102 a8f6a5a8bf0868a06b54beed61dd6853
Attachment:
signature.asc
Description: Digital signature