Red Hat Product Errata RHSA-2008:0090 - Security Advisory

Issued:: 2008-01-25
Updated:: 2008-01-25

RHSA-2008:0090 - Security Advisory

Overview
Updated Packages

Synopsis

Important: icu security update

Type/Severity

Security Advisory: Important

Topic

Updated icu packages that fix two security issues are now available for Red
Hat Enterprise Linux 5.

This update has been rated as having important security impact by the Red
Hat Security Response Team.

Description

The International Components for Unicode (ICU) library provides robust and
full-featured Unicode services.

Will Drewry reported multiple flaws in the way libicu processed certain
malformed regular expressions. If an application linked against ICU, such
as OpenOffice.org, processed a carefully crafted regular expression, it may
be possible to execute arbitrary code as the user running the application.
(CVE-2007-4770, CVE-2007-4771)

All users of icu should upgrade to these updated packages, which contain
backported patches to resolve these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/FAQ_58_10188

Affected Products

Red Hat Enterprise Linux Server 5 x86_64
Red Hat Enterprise Linux Server 5 ia64
Red Hat Enterprise Linux Server 5 i386
Red Hat Enterprise Linux Server - Extended Update Support 5.1 x86_64
Red Hat Enterprise Linux Server - Extended Update Support 5.1 ia64
Red Hat Enterprise Linux Server - Extended Update Support 5.1 i386
Red Hat Enterprise Linux Workstation 5 x86_64
Red Hat Enterprise Linux Workstation 5 i386
Red Hat Enterprise Linux Desktop 5 x86_64
Red Hat Enterprise Linux Desktop 5 i386
Red Hat Enterprise Linux for IBM z Systems 5 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1 s390x
Red Hat Enterprise Linux for Power, big endian 5 ppc
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1 ppc
Red Hat Enterprise Linux Server from RHUI 5 x86_64
Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

BZ - 429023 - CVE-2007-4770 libicu poor back reference validation
BZ - 429025 - CVE-2007-4771 libicu incomplete interval handling

CVEs

References

http://www.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux Server 5

SRPM
icu-3.6-5.11.1.src.rpm	SHA-256: 57b50d05363c8dd60b547300e80bd9053feaa7f0b8ced00f02f6591c0a899663
x86_64
icu-3.6-5.11.1.x86_64.rpm	SHA-256: 9ef42a791a4203788e50e13a0ac287a1724ac7e699af9d33e6e0f8e8898b9301
libicu-3.6-5.11.1.i386.rpm	SHA-256: e28b4f6fdc715152d35f31c182e79dd0e9b0574b7c3b138bc8606142dc26a213
libicu-3.6-5.11.1.x86_64.rpm	SHA-256: 79a23c4987cdfc4a2717a72379f2e35d4edc812dd9ba5095468573a560dab086
libicu-devel-3.6-5.11.1.i386.rpm	SHA-256: c5540fa403980644975f6bdcd5008b6fde5c9d579ec7223fd1319a6bf7c25b2b
libicu-devel-3.6-5.11.1.x86_64.rpm	SHA-256: 0105304263c4b0bc1832b92bd8faea02d40ea0e280a31f8f082fe5e7e9e89b47
libicu-doc-3.6-5.11.1.x86_64.rpm	SHA-256: 474529a2738b828afa4e722d5affcaf97265140dd9b323c45e963f8a2ca32ad9
ia64
icu-3.6-5.11.1.ia64.rpm	SHA-256: dc4a1a64c3a275c0a9e0f00b799d2bdbb372268b55acc458307836342df745f5
libicu-3.6-5.11.1.ia64.rpm	SHA-256: 5cb8d5297218c413eccaa49fca3d1b3c42cea0c3f3886c0fe519c69c06d1a2fd
libicu-devel-3.6-5.11.1.ia64.rpm	SHA-256: e077403d6b581c309e9f904a28db429e53ee63d3d66e00535981fa35927e4a40
libicu-doc-3.6-5.11.1.ia64.rpm	SHA-256: c7ef74e7ec0f85398b96a6cf8897d0e746bc06a7553d8d8fd51761f85fef4601
i386
icu-3.6-5.11.1.i386.rpm	SHA-256: d8de220a250652409e9f86fc27a42c7b1e46c3310a0591edf67701efa256d43e
libicu-3.6-5.11.1.i386.rpm	SHA-256: e28b4f6fdc715152d35f31c182e79dd0e9b0574b7c3b138bc8606142dc26a213
libicu-devel-3.6-5.11.1.i386.rpm	SHA-256: c5540fa403980644975f6bdcd5008b6fde5c9d579ec7223fd1319a6bf7c25b2b
libicu-doc-3.6-5.11.1.i386.rpm	SHA-256: 5c9446df5f7e4c99e5fd581d78d72c3437a7de809decfca6afa47fc2a8e7d45e

Red Hat Enterprise Linux Server - Extended Update Support 5.1

SRPM
x86_64
ia64
i386

Red Hat Enterprise Linux Workstation 5

SRPM
icu-3.6-5.11.1.src.rpm	SHA-256: 57b50d05363c8dd60b547300e80bd9053feaa7f0b8ced00f02f6591c0a899663
x86_64
icu-3.6-5.11.1.x86_64.rpm	SHA-256: 9ef42a791a4203788e50e13a0ac287a1724ac7e699af9d33e6e0f8e8898b9301
libicu-3.6-5.11.1.i386.rpm	SHA-256: e28b4f6fdc715152d35f31c182e79dd0e9b0574b7c3b138bc8606142dc26a213
libicu-3.6-5.11.1.x86_64.rpm	SHA-256: 79a23c4987cdfc4a2717a72379f2e35d4edc812dd9ba5095468573a560dab086
libicu-devel-3.6-5.11.1.i386.rpm	SHA-256: c5540fa403980644975f6bdcd5008b6fde5c9d579ec7223fd1319a6bf7c25b2b
libicu-devel-3.6-5.11.1.x86_64.rpm	SHA-256: 0105304263c4b0bc1832b92bd8faea02d40ea0e280a31f8f082fe5e7e9e89b47
libicu-doc-3.6-5.11.1.x86_64.rpm	SHA-256: 474529a2738b828afa4e722d5affcaf97265140dd9b323c45e963f8a2ca32ad9
i386
icu-3.6-5.11.1.i386.rpm	SHA-256: d8de220a250652409e9f86fc27a42c7b1e46c3310a0591edf67701efa256d43e
libicu-3.6-5.11.1.i386.rpm	SHA-256: e28b4f6fdc715152d35f31c182e79dd0e9b0574b7c3b138bc8606142dc26a213
libicu-devel-3.6-5.11.1.i386.rpm	SHA-256: c5540fa403980644975f6bdcd5008b6fde5c9d579ec7223fd1319a6bf7c25b2b
libicu-doc-3.6-5.11.1.i386.rpm	SHA-256: 5c9446df5f7e4c99e5fd581d78d72c3437a7de809decfca6afa47fc2a8e7d45e

Red Hat Enterprise Linux Desktop 5

SRPM
icu-3.6-5.11.1.src.rpm	SHA-256: 57b50d05363c8dd60b547300e80bd9053feaa7f0b8ced00f02f6591c0a899663
x86_64
icu-3.6-5.11.1.x86_64.rpm	SHA-256: 9ef42a791a4203788e50e13a0ac287a1724ac7e699af9d33e6e0f8e8898b9301
libicu-3.6-5.11.1.i386.rpm	SHA-256: e28b4f6fdc715152d35f31c182e79dd0e9b0574b7c3b138bc8606142dc26a213
libicu-3.6-5.11.1.x86_64.rpm	SHA-256: 79a23c4987cdfc4a2717a72379f2e35d4edc812dd9ba5095468573a560dab086
libicu-doc-3.6-5.11.1.x86_64.rpm	SHA-256: 474529a2738b828afa4e722d5affcaf97265140dd9b323c45e963f8a2ca32ad9
i386
icu-3.6-5.11.1.i386.rpm	SHA-256: d8de220a250652409e9f86fc27a42c7b1e46c3310a0591edf67701efa256d43e
libicu-3.6-5.11.1.i386.rpm	SHA-256: e28b4f6fdc715152d35f31c182e79dd0e9b0574b7c3b138bc8606142dc26a213
libicu-doc-3.6-5.11.1.i386.rpm	SHA-256: 5c9446df5f7e4c99e5fd581d78d72c3437a7de809decfca6afa47fc2a8e7d45e

Red Hat Enterprise Linux for IBM z Systems 5

SRPM
icu-3.6-5.11.1.src.rpm	SHA-256: 57b50d05363c8dd60b547300e80bd9053feaa7f0b8ced00f02f6591c0a899663
s390x
icu-3.6-5.11.1.s390x.rpm	SHA-256: b74cecd3de92d5facbf216d73654b0d992fce660060a8c02462247e94e7ac6e7
libicu-3.6-5.11.1.s390.rpm	SHA-256: 36472efa4c746413ffd3ee111232215629d4a4eb9e28490d3d26381e8cb1cc30
libicu-3.6-5.11.1.s390x.rpm	SHA-256: be32cb6d3df8b14aef93b675564cb7ef8e8da7026a4ec54295115a145b0549a6
libicu-devel-3.6-5.11.1.s390.rpm	SHA-256: ee1e3062df9800f8a415d79f89fd2e8ce4ef84cafb0166f2ff698be233d84112
libicu-devel-3.6-5.11.1.s390x.rpm	SHA-256: a9b6728348fb4c1bf05084e9d714b86ccc26571d95b0bfa370c9fbe1907f8dc6
libicu-doc-3.6-5.11.1.s390x.rpm	SHA-256: b721a3102d25f160bba160fb75aba1cfa50e81ea3f47c9bf6de312cbaf51eda4

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 5.1

SRPM
s390x

Red Hat Enterprise Linux for Power, big endian 5

SRPM
icu-3.6-5.11.1.src.rpm	SHA-256: 57b50d05363c8dd60b547300e80bd9053feaa7f0b8ced00f02f6591c0a899663
ppc
icu-3.6-5.11.1.ppc.rpm	SHA-256: ce041a1ab092cd37f67799a1142b6ff3ad6116a5866d7b65e42cd6a8d218d23b
libicu-3.6-5.11.1.ppc.rpm	SHA-256: fbf1d0557da2ec97d563b8ff68ddcc59c313e96a4a1a37f5b8bd624c734cbfe7
libicu-3.6-5.11.1.ppc64.rpm	SHA-256: b97729ebd78438f5a340e7254680fea32541ed3302e28fb58bee1f2113d91723
libicu-devel-3.6-5.11.1.ppc.rpm	SHA-256: 9c3986b49413da6edd7269bf264b73660f61b8f567802c2eb615194723636d17
libicu-devel-3.6-5.11.1.ppc64.rpm	SHA-256: 3158f6d1469b011940b943df1bca2d00b2aee20e5f62e4e6319bfe63015ede56
libicu-doc-3.6-5.11.1.ppc.rpm	SHA-256: ebf1cca463bd5a65d5a6a954dc7a3ed55b20a085b6fd78e5d03c03c42320944e

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 5.1

SRPM
ppc

Red Hat Enterprise Linux Server from RHUI 5

SRPM
icu-3.6-5.11.1.src.rpm	SHA-256: 57b50d05363c8dd60b547300e80bd9053feaa7f0b8ced00f02f6591c0a899663
x86_64
icu-3.6-5.11.1.x86_64.rpm	SHA-256: 9ef42a791a4203788e50e13a0ac287a1724ac7e699af9d33e6e0f8e8898b9301
libicu-3.6-5.11.1.i386.rpm	SHA-256: e28b4f6fdc715152d35f31c182e79dd0e9b0574b7c3b138bc8606142dc26a213
libicu-3.6-5.11.1.x86_64.rpm	SHA-256: 79a23c4987cdfc4a2717a72379f2e35d4edc812dd9ba5095468573a560dab086
libicu-devel-3.6-5.11.1.i386.rpm	SHA-256: c5540fa403980644975f6bdcd5008b6fde5c9d579ec7223fd1319a6bf7c25b2b
libicu-devel-3.6-5.11.1.x86_64.rpm	SHA-256: 0105304263c4b0bc1832b92bd8faea02d40ea0e280a31f8f082fe5e7e9e89b47
libicu-doc-3.6-5.11.1.x86_64.rpm	SHA-256: 474529a2738b828afa4e722d5affcaf97265140dd9b323c45e963f8a2ca32ad9
i386
icu-3.6-5.11.1.i386.rpm	SHA-256: d8de220a250652409e9f86fc27a42c7b1e46c3310a0591edf67701efa256d43e
libicu-3.6-5.11.1.i386.rpm	SHA-256: e28b4f6fdc715152d35f31c182e79dd0e9b0574b7c3b138bc8606142dc26a213
libicu-devel-3.6-5.11.1.i386.rpm	SHA-256: c5540fa403980644975f6bdcd5008b6fde5c9d579ec7223fd1319a6bf7c25b2b
libicu-doc-3.6-5.11.1.i386.rpm	SHA-256: 5c9446df5f7e4c99e5fd581d78d72c3437a7de809decfca6afa47fc2a8e7d45e

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories