CVE-2009-0153

Common Vulnerabilities and Exposures

Upstream information

CVE-2009-0153 at MITRE

Description

International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entries: 508070, 539839, 585717

SUSE Security Advisories:

SUSE-SR:2009:014, published Tue, 01 Sep 2009 07:00:00 +0000

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 10.3	`icu >= 3.6-13.4` `icu-data >= 3.6-13.4` `libicu >= 3.6-13.4` `libicu-32bit >= 3.6-13.4` `libicu-64bit >= 3.6-13.4` `libicu-devel >= 3.6-13.4` `libicu-devel-32bit >= 3.6-13.4` `libicu-devel-64bit >= 3.6-13.4` `libicu-doc >= 3.6-13.4`
SUSE Linux Enterprise Desktop 10 SP2 for x86	`icu >= 3.4-16.10` `libicu >= 3.4-16.10`	sles10-sp2.x86-64 sles10-sp2.ia64 sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sles10-sp2.s390x sled10-sp2.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86 sles10-sp2.ppc sle10-sp2-sdk.s390x sle10-sp2-sdk.ppc sles10-sp2.x86 ZYPP Patch Nr: 6422
SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T	`icu >= 3.4-16.10` `libicu >= 3.4-16.10` `libicu-32bit >= 3.4-16.10`	sles10-sp2.x86-64 sles10-sp2.ia64 sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sles10-sp2.s390x sled10-sp2.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86 sles10-sp2.ppc sle10-sp2-sdk.s390x sle10-sp2-sdk.ppc sles10-sp2.x86 ZYPP Patch Nr: 6422
SUSE Linux Enterprise Server 10 SP2 for x86	`libicu >= 3.4-16.10` `libicu-devel >= 3.4-16.10` `libicu-doc >= 3.4-16.10`	sles10-sp2.x86-64 sles10-sp2.ia64 sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sles10-sp2.s390x sled10-sp2.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86 sles10-sp2.ppc sle10-sp2-sdk.s390x sle10-sp2-sdk.ppc sles10-sp2.x86 ZYPP Patch Nr: 6422
SUSE Linux Enterprise Server 10 SP2 for IPF	`libicu >= 3.4-16.10` `libicu-devel >= 3.4-16.10` `libicu-doc >= 3.4-16.10` `libicu-x86 >= 3.4-16.10`	sles10-sp2.x86-64 sles10-sp2.ia64 sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sles10-sp2.s390x sled10-sp2.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86 sles10-sp2.ppc sle10-sp2-sdk.s390x sle10-sp2-sdk.ppc sles10-sp2.x86 ZYPP Patch Nr: 6422
SUSE Linux Enterprise Server 10 SP2 for IBM POWER	`libicu >= 3.4-16.10` `libicu-64bit >= 3.4-16.10` `libicu-devel >= 3.4-16.10` `libicu-devel-64bit >= 3.4-16.10` `libicu-doc >= 3.4-16.10`	sles10-sp2.x86-64 sles10-sp2.ia64 sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sles10-sp2.s390x sled10-sp2.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86 sles10-sp2.ppc sle10-sp2-sdk.s390x sle10-sp2-sdk.ppc sles10-sp2.x86 ZYPP Patch Nr: 6422
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Server 10 SP2 for IBM zSeries 64bit	`libicu >= 3.4-16.10` `libicu-32bit >= 3.4-16.10` `libicu-devel >= 3.4-16.10` `libicu-devel-32bit >= 3.4-16.10` `libicu-doc >= 3.4-16.10`	sles10-sp2.x86-64 sles10-sp2.ia64 sled10-sp2.x86-64 sle10-sp2-sdk.x86-64 sles10-sp2.s390x sled10-sp2.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86 sles10-sp2.ppc sle10-sp2-sdk.s390x sle10-sp2-sdk.ppc sles10-sp2.x86 ZYPP Patch Nr: 6422

Markets

Products By Category

Novell

NetIQ (Moving soon to NetIQ.com)

A-Z

Contribute