Security Advisory Moderate: icu security update

Advisory: RHSA-2009:1122-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-06-25
Last updated on: 2009-06-25
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.3.z server)
OVAL: com.redhat.rhsa-20091122.xml
CVEs (cve.mitre.org): CVE-2009-0153

Details

Updated icu packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The International Components for Unicode (ICU) library provides robust and
full-featured Unicode services.

A flaw was found in the way ICU processed certain invalid byte sequences
during Unicode conversion. If an application used ICU to decode malformed,
multibyte character data, it may have been possible to bypass certain
content protection mechanisms, or display information in a manner
misleading to the user. (CVE-2009-0153)
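The following is an added illustration of this class of flaw and is not code from ICU or from this advisory. It assumes the mishandling takes the form of a converter swallowing the well-formed bytes that follow an invalid lead byte; `lenient_decode`, `filter_blocks` and the sample input are hypothetical names and constructed data.

```python
# Added illustration; lenient_decode is a hypothetical flawed converter, not ICU code.
REPLACEMENT = "\ufffd"

def _expected_len(lead: int) -> int:
    """Sequence length announced by a UTF-8 lead byte (0 if not a lead byte)."""
    if lead < 0x80:
        return 1
    if 0xC2 <= lead <= 0xDF:
        return 2
    if 0xE0 <= lead <= 0xEF:
        return 3
    if 0xF0 <= lead <= 0xF4:
        return 4
    return 0

def lenient_decode(data: bytes) -> str:
    """Flawed: trusts the lead byte's length and swallows the bytes after it."""
    out, i = [], 0
    while i < len(data):
        n = _expected_len(data[i]) or 1
        chunk = data[i:i + n]
        try:
            out.append(chunk.decode("utf-8"))
        except UnicodeDecodeError:
            out.append(REPLACEMENT)  # whole chunk discarded, valid bytes included
        i += n
    return "".join(out)

def safe_decode(data: bytes) -> str:
    """Replace only the ill-formed bytes; never consume a well-formed byte."""
    return data.decode("utf-8", errors="replace")

def strict_decode(data: bytes) -> str:
    """Reject malformed input outright (raises UnicodeDecodeError)."""
    return data.decode("utf-8", errors="strict")

def filter_blocks(text: str) -> bool:
    """Stand-in content filter: blocks anything containing markup characters."""
    return "<" in text or ">" in text

# Constructed sample: a 2-byte lead byte (0xC2) followed by ASCII
# instead of a continuation byte.
SAMPLE = b"name=\xc2<b"
```

A filter that inspects the output of the lenient converter never sees the `<`, while any consumer that handles the same bytes correctly does; rejecting malformed input before filtering removes the disagreement.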

All users of icu should upgrade to these updated packages, which contain
backported patches to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
icu-3.6-5.11.4.src.rpm     9e9daba035dee02e6413949337de88a6
 
IA-32:
libicu-devel-3.6-5.11.4.i386.rpm     cd41589979e6abe5ec66119f13020948
 
x86_64:
libicu-devel-3.6-5.11.4.i386.rpm     cd41589979e6abe5ec66119f13020948
libicu-devel-3.6-5.11.4.x86_64.rpm     2d0729758de47d8853f490bcc5a2a48b
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
icu-3.6-5.11.4.src.rpm     9e9daba035dee02e6413949337de88a6
 
IA-32:
icu-3.6-5.11.4.i386.rpm     3a346cf4f90bce59f60aab90cf93b2d6
libicu-3.6-5.11.4.i386.rpm     32820dda16be56caa32b76ed12d87e36
libicu-devel-3.6-5.11.4.i386.rpm     cd41589979e6abe5ec66119f13020948
libicu-doc-3.6-5.11.4.i386.rpm     6cf7e4ad88e1b8af518cf07a27f8e89c
 
IA-64:
icu-3.6-5.11.4.ia64.rpm     db32ab4d4fbdecde7382c2233e7ff0e4
libicu-3.6-5.11.4.ia64.rpm     ee27e54e4bfed32a81b29814fc08bb4d
libicu-devel-3.6-5.11.4.ia64.rpm     0d0a8508323a340eb069aae8e3cb55f3
libicu-doc-3.6-5.11.4.ia64.rpm     2026c61ac21f1af4d913e47656809851
 
PPC:
icu-3.6-5.11.4.ppc.rpm     4d5e3d06ac9ba94cbf8a76e370231936
libicu-3.6-5.11.4.ppc.rpm     5c6a0187f598534d988ada2c01717b0e
libicu-3.6-5.11.4.ppc64.rpm     cbab66aa65b6982e7d520e9c4e2c834c
libicu-devel-3.6-5.11.4.ppc.rpm     13a91d0cf08eaf0ce664deab035cda94
libicu-devel-3.6-5.11.4.ppc64.rpm     3b57af9f6cf4fc9fc42b207f80077229
libicu-doc-3.6-5.11.4.ppc.rpm     6607f0a7d178c7e17259613427974bda
 
s390x:
icu-3.6-5.11.4.s390x.rpm     05f3546682390d38124dddf338b9442a
libicu-3.6-5.11.4.s390.rpm     9c8304aaed015a050a5b7ac27e94c952
libicu-3.6-5.11.4.s390x.rpm     ba4cdbf5805c68196065fa8eecc712c1
libicu-devel-3.6-5.11.4.s390.rpm     1593fff907f1c156804cdb8c92f5e116
libicu-devel-3.6-5.11.4.s390x.rpm     3cdfa7dff69318d7457d551aff032d71
libicu-doc-3.6-5.11.4.s390x.rpm     61b63b4a9ebcf7fd846c5edf0ea5cabe
 
x86_64:
icu-3.6-5.11.4.x86_64.rpm     8dcd06ce7c04519a56c77ea14e77ce5e
libicu-3.6-5.11.4.i386.rpm     32820dda16be56caa32b76ed12d87e36
libicu-3.6-5.11.4.x86_64.rpm     38885ced9e5584897c6ad2b08ab083d9
libicu-devel-3.6-5.11.4.i386.rpm     cd41589979e6abe5ec66119f13020948
libicu-devel-3.6-5.11.4.x86_64.rpm     2d0729758de47d8853f490bcc5a2a48b
libicu-doc-3.6-5.11.4.x86_64.rpm     592251b691d279d04b3bd49a9c919b8b
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
icu-3.6-5.11.4.src.rpm     9e9daba035dee02e6413949337de88a6
 
IA-32:
icu-3.6-5.11.4.i386.rpm     3a346cf4f90bce59f60aab90cf93b2d6
libicu-3.6-5.11.4.i386.rpm     32820dda16be56caa32b76ed12d87e36
libicu-doc-3.6-5.11.4.i386.rpm     6cf7e4ad88e1b8af518cf07a27f8e89c
 
x86_64:
icu-3.6-5.11.4.x86_64.rpm     8dcd06ce7c04519a56c77ea14e77ce5e
libicu-3.6-5.11.4.i386.rpm     32820dda16be56caa32b76ed12d87e36
libicu-3.6-5.11.4.x86_64.rpm     38885ced9e5584897c6ad2b08ab083d9
libicu-doc-3.6-5.11.4.x86_64.rpm     592251b691d279d04b3bd49a9c919b8b
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)

SRPMS:
icu-3.6-5.11.4.src.rpm     9e9daba035dee02e6413949337de88a6
 
IA-32:
icu-3.6-5.11.4.i386.rpm     3a346cf4f90bce59f60aab90cf93b2d6
libicu-3.6-5.11.4.i386.rpm     32820dda16be56caa32b76ed12d87e36
libicu-devel-3.6-5.11.4.i386.rpm     cd41589979e6abe5ec66119f13020948
libicu-doc-3.6-5.11.4.i386.rpm     6cf7e4ad88e1b8af518cf07a27f8e89c
 
IA-64:
icu-3.6-5.11.4.ia64.rpm     db32ab4d4fbdecde7382c2233e7ff0e4
libicu-3.6-5.11.4.ia64.rpm     ee27e54e4bfed32a81b29814fc08bb4d
libicu-devel-3.6-5.11.4.ia64.rpm     0d0a8508323a340eb069aae8e3cb55f3
libicu-doc-3.6-5.11.4.ia64.rpm     2026c61ac21f1af4d913e47656809851
 
PPC:
icu-3.6-5.11.4.ppc.rpm     4d5e3d06ac9ba94cbf8a76e370231936
libicu-3.6-5.11.4.ppc.rpm     5c6a0187f598534d988ada2c01717b0e
libicu-3.6-5.11.4.ppc64.rpm     cbab66aa65b6982e7d520e9c4e2c834c
libicu-devel-3.6-5.11.4.ppc.rpm     13a91d0cf08eaf0ce664deab035cda94
libicu-devel-3.6-5.11.4.ppc64.rpm     3b57af9f6cf4fc9fc42b207f80077229
libicu-doc-3.6-5.11.4.ppc.rpm     6607f0a7d178c7e17259613427974bda
 
s390x:
icu-3.6-5.11.4.s390x.rpm     05f3546682390d38124dddf338b9442a
libicu-3.6-5.11.4.s390.rpm     9c8304aaed015a050a5b7ac27e94c952
libicu-3.6-5.11.4.s390x.rpm     ba4cdbf5805c68196065fa8eecc712c1
libicu-devel-3.6-5.11.4.s390.rpm     1593fff907f1c156804cdb8c92f5e116
libicu-devel-3.6-5.11.4.s390x.rpm     3cdfa7dff69318d7457d551aff032d71
libicu-doc-3.6-5.11.4.s390x.rpm     61b63b4a9ebcf7fd846c5edf0ea5cabe
 
x86_64:
icu-3.6-5.11.4.x86_64.rpm     8dcd06ce7c04519a56c77ea14e77ce5e
libicu-3.6-5.11.4.i386.rpm     32820dda16be56caa32b76ed12d87e36
libicu-3.6-5.11.4.x86_64.rpm     38885ced9e5584897c6ad2b08ab083d9
libicu-devel-3.6-5.11.4.i386.rpm     cd41589979e6abe5ec66119f13020948
libicu-devel-3.6-5.11.4.x86_64.rpm     2d0729758de47d8853f490bcc5a2a48b
libicu-doc-3.6-5.11.4.x86_64.rpm     592251b691d279d04b3bd49a9c919b8b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

503071 - CVE-2009-0153 icu: XSS vulnerability due to improper invalid byte sequence handling


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/