Sicherheit: Zwei Probleme in ICU

Lesezeichen hinzufügen

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--===============8143575247045305836==
Content-Type: multipart/signed; micalg=pgp-sha512;
protocol="application/pgp-signature";
boundary="FcjdI9BuK8NRTX2GB6QTca08nkbJrHLg6"

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--FcjdI9BuK8NRTX2GB6QTca08nkbJrHLg6
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

==========================================================================
Ubuntu Security Notice USN-1989-1
October 15, 2013

icu vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 13.04
- Ubuntu 12.10
- Ubuntu 12.04 LTS

Summary:

ICU could be made to crash or run programs as your login if it processed
specially crafted data.

Software Description:
- icu: International Components for Unicode library

Details:

It was discovered that ICU contained a race condition affecting multi-
threaded applications. If an application using ICU processed crafted data,
an attacker could cause it to crash or potentially execute arbitrary code
with the privileges of the user invoking the program. This issue only
affected Ubuntu 12.04 LTS and Ubuntu 12.10. (CVE-2013-0900)

It was discovered that ICU incorrectly handled memory operations. If an
application using ICU processed crafted data, an attacker could cause it to
crash or potentially execute arbitrary code with the privileges of the user
invoking the program. (CVE-2013-2924)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 13.04:
libicu48 4.8.1.1-12ubuntu0.1

Ubuntu 12.10:
libicu48 4.8.1.1-8ubuntu0.1

Ubuntu 12.04 LTS:
libicu48 4.8.1.1-3ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
http://www.ubuntu.com/usn/usn-1989-1
CVE-2013-0900, CVE-2013-2924

Package Information:
https://launchpad.net/ubuntu/+source/icu/4.8.1.1-12ubuntu0.1
https://launchpad.net/ubuntu/+source/icu/4.8.1.1-8ubuntu0.1
https://launchpad.net/ubuntu/+source/icu/4.8.1.1-3ubuntu0.1

--FcjdI9BuK8NRTX2GB6QTca08nkbJrHLg6
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBCgAGBQJSXXdfAAoJEGVp2FWnRL6T36AP/0eg+maiu9CUpteH0PmByzO3
rPoQZhYkszVTrh9p2NV+0lE31TKcOJT2rTuIcTNrrFTrUakThdBj33Zj0lmJ2vws
BTtCTv4Ca8EalVjfcBO7EVlFsg38AODQTYB1oKl+OI2zDbHJpJTXn2djCNgd5sys
21IpAVUZSM8YYNimsWV4jaglukUQZvfPOfTddQx0jSU8K6DK4Nvga73y+BHMTG1M
zi0Ldkklc6EVGi0oG0ns/50iERwOYKGqzcUMTBA2heV1CZYMM6IP3sg+0MEzhMU8
7WcHaLSFq9p0A0EolhKlHvssKA2DF79bTzVkIhz4DYyoaQMnZzIPmLRPi0XsPJ2j
4WhJBVDohbl9zEesrd8hWfRsuIYlCECwccV7hBUT4o9wF1uqetV8UFLAWd+kyWCG
hTjwM2WQEfwQwUlcvLkvwXyj1OldAnuXoSSedS4+GPJhOnGzVM+JWRC+jZqCFqUo
x6KiAwho0UQA8N2b4jSWeJwUFh9kDHgBox3CrWakA4gMpNEowRHhtHNLN9BjZJlE
1XaZaCVwKs4uCOkwstKgu/9OGEI8j6qCg9Ce3yPqG7HMCkFCPnXUqDV1PGSoieIB
1gbYBIvJTWsWXA0GQhdjuc6yxKRDMCQgOzfsTMwK2y6eoCU7+5ly3pQKu2KXn9by
2N9+yJRdL/DJ8x/X1jMJ
=dqWp
-----END PGP SIGNATURE-----

--FcjdI9BuK8NRTX2GB6QTca08nkbJrHLg6--

--===============8143575247045305836==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

--
ubuntu-security-announce mailing list
ubuntu-security-announce@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

--===============8143575247045305836==--