
Security Advisory - Moderate: icu security update

Advisory: RHSA-2009:1122-1
Type: Security Advisory
Severity: Moderate
Issued on: 2009-06-25
Last updated on: 2009-06-25
Affected Products:
    RHEL Desktop Workstation (v. 5 client)
    Red Hat Enterprise Linux (v. 5 server)
    Red Hat Enterprise Linux Desktop (v. 5 client)
    Red Hat Enterprise Linux EUS (v. 5.3.z server)
    Red Hat Enterprise Linux Long Life (v. 5.3 server)
CVEs (cve.mitre.org): CVE-2009-0153

Details

Updated icu packages that fix a security issue are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having moderate security impact by the Red
Hat Security Response Team.

The International Components for Unicode (ICU) library provides robust and
full-featured Unicode services.

A flaw was found in the way ICU processed certain invalid byte sequences
during Unicode conversion. If an application used ICU to decode malformed
multibyte character data, it may have been possible to bypass certain
content protection mechanisms, or display information in a manner
misleading to the user. (CVE-2009-0153)
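
The following is an added illustration of this general class of problem. It is not ICU code and does not reproduce the specific defect fixed by this erratum. It decodes a constructed UTF-8 sample twice, once trusting the lead byte's announced length and once strictly, and counts how many quote characters survive; all function names and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Sequence length announced by a UTF-8 lead byte; 0 if it cannot start one. */
static int seq_len(uint8_t b) {
    if (b < 0x80) return 1;
    if (b >= 0xC2 && b <= 0xDF) return 2;
    if (b >= 0xE0 && b <= 0xEF) return 3;
    if (b >= 0xF0 && b <= 0xF4) return 4;
    return 0;
}

/* Decode n bytes into at most cap code points. strict=1: a malformed sequence
 * becomes one U+FFFD and decoding resumes at the byte that was not a valid
 * continuation. strict=0 (unsafe model): the announced length is skipped. */
size_t decode_utf8(const uint8_t *s, size_t n, uint32_t *out, size_t cap, int strict) {
    size_t i = 0, o = 0;
    while (i < n && o < cap) {
        int len = seq_len(s[i]), k = 1, ok = 1;
        if (len == 0) { out[o++] = 0xFFFD; i++; continue; }
        if (len == 1) { out[o++] = s[i++]; continue; }
        uint32_t cp = s[i] & (0xFFu >> (len + 1));
        for (; k < len; k++) {
            if (i + k >= n || (s[i + k] & 0xC0) != 0x80) { ok = 0; break; }
            cp = (cp << 6) | (s[i + k] & 0x3Fu);
        }
        /* Reject overlong 3/4-byte forms, surrogates and values > U+10FFFF. */
        if (ok && ((len == 3 && cp < 0x800) || (len == 4 && cp < 0x10000) ||
                   (cp >= 0xD800 && cp <= 0xDFFF) || cp > 0x10FFFF)) ok = 0;
        if (ok) { out[o++] = cp; i += (size_t)len; continue; }
        out[o++] = 0xFFFD;
        if (strict) i += (size_t)k;      /* offending byte is decoded on its own */
        else i = (i + (size_t)len <= n) ? i + (size_t)len : n; /* it is swallowed */
    }
    return o;
}

/* Constructed sample: 0xC3 announces a 2-byte sequence, but '"' follows. */
size_t quotes_after_decode(int strict) {
    static const uint8_t sample[] = { 'a', 0xC3, '"', 'b' };
    uint32_t cps[8];
    size_t n = decode_utf8(sample, sizeof sample, cps, 8, strict), q = 0;
    for (size_t j = 0; j < n; j++) q += (cps[j] == '"');
    return q;
}

int main(void) {
    printf("strict: %zu, lenient: %zu\n", quotes_after_decode(1), quotes_after_decode(0));
    return 0;
}
```

When a filter and a decoder disagree about whether a delimiter such as the quote is present, checks made on one side no longer describe what the other side sees, which is why strict handling of malformed input matters.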

All users of icu should upgrade to these updated packages, which contain
backported patches to resolve this issue.


Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

Updated packages

RHEL Desktop Workstation (v. 5 client)

SRPMS:
icu-3.6-5.11.4.src.rpm
File outdated by:  RHSA-2011:1815
    MD5: 9e9daba035dee02e6413949337de88a6
 
IA-32:
libicu-devel-3.6-5.11.4.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: cd41589979e6abe5ec66119f13020948
 
x86_64:
libicu-devel-3.6-5.11.4.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: cd41589979e6abe5ec66119f13020948
libicu-devel-3.6-5.11.4.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 2d0729758de47d8853f490bcc5a2a48b
 
Red Hat Enterprise Linux (v. 5 server)

SRPMS:
icu-3.6-5.11.4.src.rpm
File outdated by:  RHSA-2011:1815
    MD5: 9e9daba035dee02e6413949337de88a6
 
IA-32:
icu-3.6-5.11.4.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: 3a346cf4f90bce59f60aab90cf93b2d6
libicu-3.6-5.11.4.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: 32820dda16be56caa32b76ed12d87e36
libicu-devel-3.6-5.11.4.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: cd41589979e6abe5ec66119f13020948
libicu-doc-3.6-5.11.4.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: 6cf7e4ad88e1b8af518cf07a27f8e89c
 
IA-64:
icu-3.6-5.11.4.ia64.rpm
File outdated by:  RHSA-2011:1815
    MD5: db32ab4d4fbdecde7382c2233e7ff0e4
libicu-3.6-5.11.4.ia64.rpm
File outdated by:  RHSA-2011:1815
    MD5: ee27e54e4bfed32a81b29814fc08bb4d
libicu-devel-3.6-5.11.4.ia64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 0d0a8508323a340eb069aae8e3cb55f3
libicu-doc-3.6-5.11.4.ia64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 2026c61ac21f1af4d913e47656809851
 
PPC:
icu-3.6-5.11.4.ppc.rpm
File outdated by:  RHSA-2011:1815
    MD5: 4d5e3d06ac9ba94cbf8a76e370231936
libicu-3.6-5.11.4.ppc.rpm
File outdated by:  RHSA-2011:1815
    MD5: 5c6a0187f598534d988ada2c01717b0e
libicu-3.6-5.11.4.ppc64.rpm
File outdated by:  RHSA-2011:1815
    MD5: cbab66aa65b6982e7d520e9c4e2c834c
libicu-devel-3.6-5.11.4.ppc.rpm
File outdated by:  RHSA-2011:1815
    MD5: 13a91d0cf08eaf0ce664deab035cda94
libicu-devel-3.6-5.11.4.ppc64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 3b57af9f6cf4fc9fc42b207f80077229
libicu-doc-3.6-5.11.4.ppc.rpm
File outdated by:  RHSA-2011:1815
    MD5: 6607f0a7d178c7e17259613427974bda
 
s390x:
icu-3.6-5.11.4.s390x.rpm
File outdated by:  RHSA-2011:1815
    MD5: 05f3546682390d38124dddf338b9442a
libicu-3.6-5.11.4.s390.rpm
File outdated by:  RHSA-2011:1815
    MD5: 9c8304aaed015a050a5b7ac27e94c952
libicu-3.6-5.11.4.s390x.rpm
File outdated by:  RHSA-2011:1815
    MD5: ba4cdbf5805c68196065fa8eecc712c1
libicu-devel-3.6-5.11.4.s390.rpm
File outdated by:  RHSA-2011:1815
    MD5: 1593fff907f1c156804cdb8c92f5e116
libicu-devel-3.6-5.11.4.s390x.rpm
File outdated by:  RHSA-2011:1815
    MD5: 3cdfa7dff69318d7457d551aff032d71
libicu-doc-3.6-5.11.4.s390x.rpm
File outdated by:  RHSA-2011:1815
    MD5: 61b63b4a9ebcf7fd846c5edf0ea5cabe
 
x86_64:
icu-3.6-5.11.4.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 8dcd06ce7c04519a56c77ea14e77ce5e
libicu-3.6-5.11.4.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: 32820dda16be56caa32b76ed12d87e36
libicu-3.6-5.11.4.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 38885ced9e5584897c6ad2b08ab083d9
libicu-devel-3.6-5.11.4.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: cd41589979e6abe5ec66119f13020948
libicu-devel-3.6-5.11.4.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 2d0729758de47d8853f490bcc5a2a48b
libicu-doc-3.6-5.11.4.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 592251b691d279d04b3bd49a9c919b8b
 
Red Hat Enterprise Linux Desktop (v. 5 client)

SRPMS:
icu-3.6-5.11.4.src.rpm
File outdated by:  RHSA-2011:1815
    MD5: 9e9daba035dee02e6413949337de88a6
 
IA-32:
icu-3.6-5.11.4.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: 3a346cf4f90bce59f60aab90cf93b2d6
libicu-3.6-5.11.4.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: 32820dda16be56caa32b76ed12d87e36
libicu-doc-3.6-5.11.4.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: 6cf7e4ad88e1b8af518cf07a27f8e89c
 
x86_64:
icu-3.6-5.11.4.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 8dcd06ce7c04519a56c77ea14e77ce5e
libicu-3.6-5.11.4.i386.rpm
File outdated by:  RHSA-2011:1815
    MD5: 32820dda16be56caa32b76ed12d87e36
libicu-3.6-5.11.4.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 38885ced9e5584897c6ad2b08ab083d9
libicu-doc-3.6-5.11.4.x86_64.rpm
File outdated by:  RHSA-2011:1815
    MD5: 592251b691d279d04b3bd49a9c919b8b
 
Red Hat Enterprise Linux EUS (v. 5.3.z server)

SRPMS:
icu-3.6-5.11.4.src.rpm
File outdated by:  RHSA-2011:1815
    MD5: 9e9daba035dee02e6413949337de88a6
 
IA-32:
icu-3.6-5.11.4.i386.rpm     MD5: 3a346cf4f90bce59f60aab90cf93b2d6
libicu-3.6-5.11.4.i386.rpm     MD5: 32820dda16be56caa32b76ed12d87e36
libicu-devel-3.6-5.11.4.i386.rpm     MD5: cd41589979e6abe5ec66119f13020948
libicu-doc-3.6-5.11.4.i386.rpm     MD5: 6cf7e4ad88e1b8af518cf07a27f8e89c
 
IA-64:
icu-3.6-5.11.4.ia64.rpm     MD5: db32ab4d4fbdecde7382c2233e7ff0e4
libicu-3.6-5.11.4.ia64.rpm     MD5: ee27e54e4bfed32a81b29814fc08bb4d
libicu-devel-3.6-5.11.4.ia64.rpm     MD5: 0d0a8508323a340eb069aae8e3cb55f3
libicu-doc-3.6-5.11.4.ia64.rpm     MD5: 2026c61ac21f1af4d913e47656809851
 
PPC:
icu-3.6-5.11.4.ppc.rpm     MD5: 4d5e3d06ac9ba94cbf8a76e370231936
libicu-3.6-5.11.4.ppc.rpm     MD5: 5c6a0187f598534d988ada2c01717b0e
libicu-3.6-5.11.4.ppc64.rpm     MD5: cbab66aa65b6982e7d520e9c4e2c834c
libicu-devel-3.6-5.11.4.ppc.rpm     MD5: 13a91d0cf08eaf0ce664deab035cda94
libicu-devel-3.6-5.11.4.ppc64.rpm     MD5: 3b57af9f6cf4fc9fc42b207f80077229
libicu-doc-3.6-5.11.4.ppc.rpm     MD5: 6607f0a7d178c7e17259613427974bda
 
s390x:
icu-3.6-5.11.4.s390x.rpm     MD5: 05f3546682390d38124dddf338b9442a
libicu-3.6-5.11.4.s390.rpm     MD5: 9c8304aaed015a050a5b7ac27e94c952
libicu-3.6-5.11.4.s390x.rpm     MD5: ba4cdbf5805c68196065fa8eecc712c1
libicu-devel-3.6-5.11.4.s390.rpm     MD5: 1593fff907f1c156804cdb8c92f5e116
libicu-devel-3.6-5.11.4.s390x.rpm     MD5: 3cdfa7dff69318d7457d551aff032d71
libicu-doc-3.6-5.11.4.s390x.rpm     MD5: 61b63b4a9ebcf7fd846c5edf0ea5cabe
 
x86_64:
icu-3.6-5.11.4.x86_64.rpm     MD5: 8dcd06ce7c04519a56c77ea14e77ce5e
libicu-3.6-5.11.4.i386.rpm     MD5: 32820dda16be56caa32b76ed12d87e36
libicu-3.6-5.11.4.x86_64.rpm     MD5: 38885ced9e5584897c6ad2b08ab083d9
libicu-devel-3.6-5.11.4.i386.rpm     MD5: cd41589979e6abe5ec66119f13020948
libicu-devel-3.6-5.11.4.x86_64.rpm     MD5: 2d0729758de47d8853f490bcc5a2a48b
libicu-doc-3.6-5.11.4.x86_64.rpm     MD5: 592251b691d279d04b3bd49a9c919b8b
 
Red Hat Enterprise Linux Long Life (v. 5.3 server)

SRPMS:
icu-3.6-5.11.4.src.rpm
File outdated by:  RHSA-2011:1815
    MD5: 9e9daba035dee02e6413949337de88a6
 
IA-32:
icu-3.6-5.11.4.i386.rpm     MD5: 3a346cf4f90bce59f60aab90cf93b2d6
libicu-3.6-5.11.4.i386.rpm     MD5: 32820dda16be56caa32b76ed12d87e36
libicu-devel-3.6-5.11.4.i386.rpm     MD5: cd41589979e6abe5ec66119f13020948
libicu-doc-3.6-5.11.4.i386.rpm     MD5: 6cf7e4ad88e1b8af518cf07a27f8e89c
 
IA-64:
icu-3.6-5.11.4.ia64.rpm     MD5: db32ab4d4fbdecde7382c2233e7ff0e4
libicu-3.6-5.11.4.ia64.rpm     MD5: ee27e54e4bfed32a81b29814fc08bb4d
libicu-devel-3.6-5.11.4.ia64.rpm     MD5: 0d0a8508323a340eb069aae8e3cb55f3
libicu-doc-3.6-5.11.4.ia64.rpm     MD5: 2026c61ac21f1af4d913e47656809851
 
x86_64:
icu-3.6-5.11.4.x86_64.rpm     MD5: 8dcd06ce7c04519a56c77ea14e77ce5e
libicu-3.6-5.11.4.i386.rpm     MD5: 32820dda16be56caa32b76ed12d87e36
libicu-3.6-5.11.4.x86_64.rpm     MD5: 38885ced9e5584897c6ad2b08ab083d9
libicu-devel-3.6-5.11.4.i386.rpm     MD5: cd41589979e6abe5ec66119f13020948
libicu-devel-3.6-5.11.4.x86_64.rpm     MD5: 2d0729758de47d8853f490bcc5a2a48b
libicu-doc-3.6-5.11.4.x86_64.rpm     MD5: 592251b691d279d04b3bd49a9c919b8b
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

503071 - CVE-2009-0153 icu: XSS vulnerability due to improper invalid byte sequence handling


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/