Lucene search
UbuntuUSN-846-1HistoryOct 08, 2009 - 12:00 a.m.
ICU vulnerability
2009-10-0800:00:00
ubuntu.com
41
5.6 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
78.9%
Releases
- Ubuntu 9.04
- Ubuntu 8.10
- Ubuntu 8.04
Packages
- icu -
Details
It was discovered that ICU did not properly handle invalid byte sequences
during Unicode conversion. If an application using ICU processed crafted
data, content security mechanisms could be bypassed, potentially leading to
cross-site scripting (XSS) attacks.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 9.04 | noarch | libicu38 | <Â 3.8.1-3ubuntu1.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | lib32icu-dev | <Â 3.8.1-3ubuntu1.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | lib32icu38 | <Â 3.8.1-3ubuntu1.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libicu-dev | <Â 3.8.1-3ubuntu1.1 | UNKNOWN |
| Ubuntu | 9.04 | noarch | libicu38-dbg | <Â 3.8.1-3ubuntu1.1 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libicu38 | <Â 3.8.1-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 8.10 | noarch | lib32icu-dev | <Â 3.8.1-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 8.10 | noarch | lib32icu38 | <Â 3.8.1-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libicu-dev | <Â 3.8.1-2ubuntu0.2 | UNKNOWN |
| Ubuntu | 8.10 | noarch | libicu38-dbg | <Â 3.8.1-2ubuntu0.2 | UNKNOWN |
References
Related
openvas
openvas
CentOS Security Advisory CESA-2009:1122 (icu)
2009-06-30 00:00:00
Fedora Core 10 FEDORA-2009-6273 (icu)
2009-06-23 00:00:00
SLES10: Security update for icu
2009-10-13 00:00:00
redhat
redhat
(RHSA-2009:1122) Moderate: icu security update
2009-06-25 00:00:00
nessus
nessus
openSUSE 10 Security Update : icu (icu-6322)
2009-10-06 00:00:00
openSUSE Security Update : icu (icu-1028)
2009-08-20 00:00:00
Fedora 9 : icu-3.8.1-9.fc9 (2009-6121)
2009-06-16 00:00:00
debiancve
debiancve
CVE-2009-0153
2009-05-13 15:30:00
securityvulns
securityvulns
[SECURITY] [DSA 1889-1] New icu packages correct multibyte sequence parsing
2009-09-18 00:00:00
libicu multibyte character sequences invalid parsing.
2009-09-18 00:00:00
Apple Mac OS X multiple security vulnerabilities
2009-05-29 00:00:00
ubuntucve
ubuntucve
CVE-2009-0153
2009-05-13 00:00:00
prion
prion
Cross site scripting
2009-05-13 15:30:00
oraclelinux
oraclelinux
icu security update
2009-06-25 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: icu-3.8.1-9.fc9
2009-06-16 01:42:34
[SECURITY] Fedora 10 Update: icu-4.0-3.1.fc10
2009-06-16 02:03:43
centos
centos
icu, libicu security update
2009-06-26 13:59:32
debian
debian
[SECURITY] [DSA 1889-1] New icu packages correct multibyte sequence parsing
2009-09-16 19:10:17
cve
cve
CVE-2009-0153
2009-05-13 15:30:00
5.6 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.006 Low
EPSS
Percentile
78.9%
Related for USN-846-1