Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.1060
icu security update
26 March 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: icu
Publisher: Debian
Operating System: Debian GNU/Linux 9
Debian GNU/Linux 10
Impact/Access: Denial of Service -- Remote with User Interaction
Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution: Patch/Upgrade
CVE Names: CVE-2020-10531
Reference: ESB-2020.1015
ESB-2020.0987
ESB-2020.0985
ESB-2020.0984
ESB-2020.0958
Original Bulletin:
http://www.debian.org/security/2020/dsa-4646
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- - -------------------------------------------------------------------------
Debian Security Advisory DSA-4646-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
March 25, 2020 https://www.debian.org/security/faq
- - -------------------------------------------------------------------------
Package : icu
CVE ID : CVE-2020-10531
Debian Bug : 953747
Andre Bargull discovered an integer overflow in the International
Components for Unicode (ICU) library which could result in denial of
service and potentially the execution of arbitrary code.
For the oldstable distribution (stretch), this problem has been fixed
in version 57.1-6+deb9u4.
For the stable distribution (buster), this problem has been fixed in
version 63.1-6+deb10u1.
We recommend that you upgrade your icu packages.
For the detailed security status of icu please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/icu
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
- -----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl57hW9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SmchAAkFD6KbEBnsGjO6ZkxQIb1xp5votbZFnbKGWc2/zvJjn8razDuw0zU0CJ
ewdGDviwRm9BGbSax53/nIp21ceN38ntiv+GXexXmes79AcP0/XOlUjXT9UWWJ1n
bBWlCrAS6b9UK6dMpFq1iJOlxHlqSchDtndg1NWepENXPoJ5/ytVHPScBH12Fb1z
U8uPWJEEOmCdtUEkkXuzBIIxzRpyAP/jW+FvCeCKgHU6l04vaYY622n9dDiCs39x
uNtORWVdxXR6veXqiaKCX6NptbCybSP1iso+eggZrNrdjpiVxASyPWeO9uDQd9zD
j9dWhVpWVQU+x+5lXuAdiTCsD7J4i1o4L1nMencJ4GUFVj6cGNbe02ndCeBuUxmD
VTZK4FEwXfNpEKGJSQJ0ucSdrzZNPBCc/BjqZKcFTei+02scPDbAHEK7ziPyGExh
oLMiQSOks32lJ95zIj9gf8HETu2cRo4/sUY13ydPMkzeTl1H/57nY4qeQeny8Iyz
w93S6BIFKVpPQmiPsynXnq4CBUciwjV53z5fxBoq2KxZwhEQXYT2c56dnQrnMqwS
TLltx8eT4sd1gxvtUDYl1+6Br1yr4/rTZeP+zFjAHdt/ASIex0hviNiUF0Wxn5Ls
oa0alfqp6hK0TWPI+SR8IxlOnEHDIuoDkbgKUFkjEK9YWAgwgJo=
=/zwr
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXnwu5WaOgq3Tt24GAQiwGg//YJt4SRCkq/Csw/WaNuMOfFG8fq1pGBQ3
iGQLkHi/SOOs3dYNZipOAJ2T+qHXE2W9vFuBqiRxD0pxvrFQQF7u5B+7hu9KxRZH
VgZ6DjprhILWW/WsU+WfXxt39/NHHiWvispowc44fcM48iunKWMSbd4+lM1OD3qe
1OQvG6yNNvnFdKFiQiTrZXXDtIEFDbsNfr5YFNJFlxk87UzQz2q8qLdTDG5PQnKo
Nz+YJuKqArru7Z0GPjJcLNvcSvHWNILE94GisUflU86Y8yFgBzMXkVkh6r82EXwT
P4gzgJP8DO/1S7pC5kQGEoKkVmsbCvnIcz3kTaBPJH+oGuU6I2wAKH4YTyhREG0c
DTrn723K4pMxyj34DHU5/O2FqRXA9K1/rRETewjHd/HF1zOgttJbaKtPPNbBohoM
J6InY6T/HSvGwsTppx4fZLfc1HDwu8WbNUbwpTV/bMR5N8ytAti/kdyUiONGtFMe
IoiwSfK3Cr/Gv2SATPMKtxFg3vytDvRlpGb4kKSUvAUukRCDtKZokuajAOL7mpEL
2VvJMQd6T0/969kTV7URwGP4Gq7GP6dLj1W7Cu9X3DRAqJkHUBoeFdCQ7y1Vkfgr
oCy33QV0LKJa3/NDZv/O4g39z1kUZh/nNw5FbgeiRA3mWc0lTCeWEs3PBWOHYCTq
a5Kpf3ZV/rQ=
=AN17
-----END PGP SIGNATURE-----