===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1060
                            icu security update
                               26 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           icu
Publisher:         Debian
Operating System:  Debian GNU/Linux 9
                   Debian GNU/Linux 10
Impact/Access:     Denial of Service               -- Remote with User Interaction
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-10531

Reference:         ESB-2020.1015
                   ESB-2020.0987
                   ESB-2020.0985
                   ESB-2020.0984
                   ESB-2020.0958

Original Bulletin:
   http://www.debian.org/security/2020/dsa-4646

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-4646-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 25, 2020                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : icu
CVE ID         : CVE-2020-10531
Debian Bug     : 953747

Andre Bargull discovered an integer overflow in the International
Components for Unicode (ICU) library which could result in denial of
service and potentially the execution of arbitrary code.

For the oldstable distribution (stretch), this problem has been fixed
in version 57.1-6+deb9u4.

For the stable distribution (buster), this problem has been fixed in
version 63.1-6+deb10u1.

We recommend that you upgrade your icu packages.

For the detailed security status of icu please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/icu

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================