Bug 464168 (CVE-2008-1036)
Summary: | CVE-2008-1036 ICU: Invalid character sequences omission during conversion of some character encodings (XSS attack possible) | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | unspecified | CC: | bressers, caolanm, djorm, kreilly | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2014-01-29 03:43:30 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 467949, 467950, 467974, 467975 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Jan Lieskovsky
2008-09-26 14:53:02 UTC
This issue affects the versions of the ICU package, as shipped with Red Hat Enterprise Linux 5 (icu-3.6.5-11.1.el5), with Red Hat Directory Server 8.0 (icu-3.6-4.el4dsrv and icu-3.6.1 for DS8.0 sparc), with the Red Hat Enterprise MRG product version 1.0 (icu-3.6.5-12.el4), within the Extra Packages for Enterprise Linux (EPEL) project (icu-3.6.4.el4.20) and as shipped with the Fedora releases of 8, 9 and 10. This issue does NOT affect the versions of the icu4j package, as shipped with Red Hat Application Stacks version 1 update 3 and version 2 update 1, with JBOSS Enterprise Application Platform release 4.2.0 and 4.3.0 and as shipped with Fedora releases of 8 and 9. Created attachment 321139 [details]
Here's my backport of the patch for reference
This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2009:0296 http://rhn.redhat.com/errata/RHSA-2009:0296.html *** Bug 467974 has been marked as a duplicate of this bug. *** |