Security Advisory Important: icu security update

Advisory: RHSA-2008:0090-4
Type: Security Advisory
Severity: Important
Issued on: 2008-01-25
Last updated on: 2008-01-25
Affected Products: RHEL Desktop Workstation (v. 5 client)
Red Hat Enterprise Linux (v. 5 server)
Red Hat Enterprise Linux Desktop (v. 5 client)
Red Hat Enterprise Linux EUS (v. 5.1.z server)
CVEs (cve.mitre.org): CVE-2007-4770
CVE-2007-4771

Details

Updated icu packages that fix two security issues are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

The International Components for Unicode (ICU) library provides robust and
full-featured Unicode services.

Will Drewry reported multiple flaws in the way libicu processed certain
malformed regular expressions. If an application linked against ICU, such
as OpenOffice.org, processed a carefully crafted regular expression, it may
be possible to execute arbitrary code as the user running the application.
(CVE-2007-4770, CVE-2007-4771)

All users of icu should upgrade to these updated packages, which contain
backported patches to resolve these issues.
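
Because the fix is a backported patch, the upstream version stays at 3.6 and only the RPM release field changes, so a patch check has to compare the release against 5.11.1 rather than the version alone. The Python sketch below is an added example, not part of the advisory or of Red Hat tooling; it assumes a simplified reimplementation of RPM's version comparison (no epoch, tilde or caret handling) and runs on constructed inventory lines.

```python
import re

# Fixed build named in this advisory: version 3.6, release 5.11.1.
FIXED = ("3.6", "5.11.1")
PACKAGES = {"icu", "libicu", "libicu-devel", "libicu-doc"}

def _segments(s):
    # rpm treats non-alphanumerics as separators and splits digit/alpha runs
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpmvercmp(a, b):
    """Simplified rpmvercmp (assumption: no epoch/tilde/caret). Returns -1, 0, 1."""
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def is_fixed(version, release):
    c = rpmvercmp(version, FIXED[0])
    return c > 0 or (c == 0 and rpmvercmp(release, FIXED[1]) >= 0)

def audit(lines):
    """lines: 'name version release arch', e.g. the output of
    rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\\n'"""
    out = []
    for line in lines:
        name, version, release, arch = line.split()
        if name in PACKAGES:
            out.append((f"{name}.{arch}", f"{version}-{release}",
                        is_fixed(version, release)))
    return out

# Constructed inventory lines (not taken from a real host).
SAMPLE = [
    "libicu 3.6 5.11 i386",
    "libicu 3.6 5.11.1 x86_64",
    "libicu-devel 3.6 5.16.1 x86_64",
    "bash 3.2 21.el5 x86_64",
]

if __name__ == "__main__":
    for pkg, evr, ok in audit(SAMPLE):
        print(f"{pkg:22} {evr:12} {'fixed' if ok else 'VULNERABLE: update'}")
```

A scanner that keys only on the upstream version would report every row here as 3.6 and could not tell the patched builds from the unpatched one.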


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
icu-3.6-5.11.1.src.rpm
File outdated by:  RHSA-2011:1815
    MD5: 684e1c7e05b3400235da8ea5523ac02d
 
IA-32:
libicu-devel-3.6-5.11.1.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: f042295f4ed72c8a71b35327f3a804f7
 
x86_64:
libicu-devel-3.6-5.11.1.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: f042295f4ed72c8a71b35327f3a804f7
libicu-devel-3.6-5.11.1.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: e07b4f9ab06a7dd94c93151ab017fb7b
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
icu-3.6-5.11.1.src.rpm
File outdated by:  RHSA-2011:1815
    MD5: 684e1c7e05b3400235da8ea5523ac02d
 
IA-32:
icu-3.6-5.11.1.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: ab778e712641e36a0e5257743e18bdb0
libicu-3.6-5.11.1.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: cec05762e8bb1748dd87483fb45cd154
libicu-devel-3.6-5.11.1.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: f042295f4ed72c8a71b35327f3a804f7
libicu-doc-3.6-5.11.1.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: e8d9b1e1bc3ab3a4070f5f20c300c04c
 
IA-64:
icu-3.6-5.11.1.ia64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 4c419841b5660d01f17f7051de6ceaff
libicu-3.6-5.11.1.ia64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 3b8c3e77d833c28a06947cf5f0392f13
libicu-devel-3.6-5.11.1.ia64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 70f6615d7f606f68194c1a098a1aee78
libicu-doc-3.6-5.11.1.ia64.rpm
File outdated by:  RHSA-2011:1815
    MD5: a10d73cf075979157b2829c4920f8eca
 
PPC:
icu-3.6-5.11.1.ppc.rpm
File outdated by:  RHSA-2011:1815
    MD5: a5ec3435941522e028e26aae754c1bdd
libicu-3.6-5.11.1.ppc.rpm
File outdated by:  RHSA-2011:1815
    MD5: ea224ac62bbf66a4e0f3d74bf654a6ce
libicu-3.6-5.11.1.ppc64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 92d8a05cae84cb6c78dd481b82e471ce
libicu-devel-3.6-5.11.1.ppc.rpm
File outdated by:  RHSA-2011:1815
    MD5: 6bd23f2a4534e12a9e8d0323e4b0b527
libicu-devel-3.6-5.11.1.ppc64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 4055811df20e3d57e20b5eb9f922768c
libicu-doc-3.6-5.11.1.ppc.rpm
File outdated by:  RHSA-2011:1815
    MD5: f8251a68de374533679430fd009ecba7
 
s390x:
icu-3.6-5.11.1.s390x.rpm
File outdated by:  RHSA-2011:1815
    MD5: ada9ab1c49a9b23ea08d94a97c50ea92
libicu-3.6-5.11.1.s390.rpm
File outdated by:  RHSA-2011:1815
    MD5: 4f78a6990c922267d5a7e105ea60f7c4
libicu-3.6-5.11.1.s390x.rpm
File outdated by:  RHSA-2011:1815
    MD5: d5d800183c968209ef7f09fc4147e323
libicu-devel-3.6-5.11.1.s390.rpm
File outdated by:  RHSA-2011:1815
    MD5: 98650f016039c2ce801cd58cb5cd434c
libicu-devel-3.6-5.11.1.s390x.rpm
File outdated by:  RHSA-2011:1815
    MD5: 74cb639e5bc78a4cacddd5c0585efff8
libicu-doc-3.6-5.11.1.s390x.rpm
File outdated by:  RHSA-2011:1815
    MD5: ab52ab67ea717f3ff757e2868cc2c1d2
 
x86_64:
icu-3.6-5.11.1.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 5cd44bebe5a2fcaa8023b98b95926a1a
libicu-3.6-5.11.1.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: cec05762e8bb1748dd87483fb45cd154
libicu-3.6-5.11.1.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 01f3f1e697ba2f254682a77bd0664bbb
libicu-devel-3.6-5.11.1.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: f042295f4ed72c8a71b35327f3a804f7
libicu-devel-3.6-5.11.1.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: e07b4f9ab06a7dd94c93151ab017fb7b
libicu-doc-3.6-5.11.1.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 6b63a14ba5594f327d66df65ba01567b
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
icu-3.6-5.11.1.src.rpm
File outdated by:  RHSA-2011:1815
    MD5: 684e1c7e05b3400235da8ea5523ac02d
 
IA-32:
icu-3.6-5.11.1.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: ab778e712641e36a0e5257743e18bdb0
libicu-3.6-5.11.1.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: cec05762e8bb1748dd87483fb45cd154
libicu-doc-3.6-5.11.1.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: e8d9b1e1bc3ab3a4070f5f20c300c04c
 
x86_64:
icu-3.6-5.11.1.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 5cd44bebe5a2fcaa8023b98b95926a1a
libicu-3.6-5.11.1.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: cec05762e8bb1748dd87483fb45cd154
libicu-3.6-5.11.1.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 01f3f1e697ba2f254682a77bd0664bbb
libicu-doc-3.6-5.11.1.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 6b63a14ba5594f327d66df65ba01567b
 
Red Hat Enterprise Linux EUS (v. 5.1.z server)

SRPMS:
icu-3.6-5.11.1.src.rpm
File outdated by:  RHSA-2011:1815
    MD5: 684e1c7e05b3400235da8ea5523ac02d
 
IA-32:
icu-3.6-5.11.1.i386.rpm     MD5: ab778e712641e36a0e5257743e18bdb0
libicu-3.6-5.11.1.i386.rpm     MD5: cec05762e8bb1748dd87483fb45cd154
libicu-devel-3.6-5.11.1.i386.rpm     MD5: f042295f4ed72c8a71b35327f3a804f7
libicu-doc-3.6-5.11.1.i386.rpm     MD5: e8d9b1e1bc3ab3a4070f5f20c300c04c
 
IA-64:
icu-3.6-5.11.1.ia64.rpm     MD5: 4c419841b5660d01f17f7051de6ceaff
libicu-3.6-5.11.1.ia64.rpm     MD5: 3b8c3e77d833c28a06947cf5f0392f13
libicu-devel-3.6-5.11.1.ia64.rpm     MD5: 70f6615d7f606f68194c1a098a1aee78
libicu-doc-3.6-5.11.1.ia64.rpm     MD5: a10d73cf075979157b2829c4920f8eca
 
PPC:
icu-3.6-5.11.1.ppc.rpm     MD5: a5ec3435941522e028e26aae754c1bdd
libicu-3.6-5.11.1.ppc.rpm     MD5: ea224ac62bbf66a4e0f3d74bf654a6ce
libicu-3.6-5.11.1.ppc64.rpm     MD5: 92d8a05cae84cb6c78dd481b82e471ce
libicu-devel-3.6-5.11.1.ppc.rpm     MD5: 6bd23f2a4534e12a9e8d0323e4b0b527
libicu-devel-3.6-5.11.1.ppc64.rpm     MD5: 4055811df20e3d57e20b5eb9f922768c
libicu-doc-3.6-5.11.1.ppc.rpm     MD5: f8251a68de374533679430fd009ecba7
 
s390x:
icu-3.6-5.11.1.s390x.rpm     MD5: ada9ab1c49a9b23ea08d94a97c50ea92
libicu-3.6-5.11.1.s390.rpm     MD5: 4f78a6990c922267d5a7e105ea60f7c4
libicu-3.6-5.11.1.s390x.rpm     MD5: d5d800183c968209ef7f09fc4147e323
libicu-devel-3.6-5.11.1.s390.rpm     MD5: 98650f016039c2ce801cd58cb5cd434c
libicu-devel-3.6-5.11.1.s390x.rpm     MD5: 74cb639e5bc78a4cacddd5c0585efff8
libicu-doc-3.6-5.11.1.s390x.rpm     MD5: ab52ab67ea717f3ff757e2868cc2c1d2
 
x86_64:
icu-3.6-5.11.1.x86_64.rpm     MD5: 5cd44bebe5a2fcaa8023b98b95926a1a
libicu-3.6-5.11.1.i386.rpm     MD5: cec05762e8bb1748dd87483fb45cd154
libicu-3.6-5.11.1.x86_64.rpm     MD5: 01f3f1e697ba2f254682a77bd0664bbb
libicu-devel-3.6-5.11.1.i386.rpm     MD5: f042295f4ed72c8a71b35327f3a804f7
libicu-devel-3.6-5.11.1.x86_64.rpm     MD5: e07b4f9ab06a7dd94c93151ab017fb7b
libicu-doc-3.6-5.11.1.x86_64.rpm     MD5: 6b63a14ba5594f327d66df65ba01567b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

429023 - CVE-2007-4770 libicu poor back reference validation
429025 - CVE-2007-4771 libicu incomplete interval handling



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/