Bug 657910

Summary: VUL-1: icu unum_setSymbol/unum_getSymbol crash
Product: [Novell Products] SUSE Security Incidents Reporter: Ludwig Nussel <lnussel>
Component: GeneralAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: security-team, vuntz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: maint:running:50668:moderate maint:released:sle10-sp3:50673 maint:released:sle11-sp2:50670
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Ludwig Nussel 2010-12-07 07:52:07 UTC 
Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.

CVE-2010-4409

------------------------------------------------------------------------------
Date: Mon, 6 Dec 2010 10:15:28 -0700
From: Vincent Danen <vdanen@redhat.com>
Subject: [oss-security] CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900)

I haven't seen a CVE request for this already, and can't find a CVE name
if one has been assigned.

CERT has a bulletin up regarding a DoS in the getSymbol() function
(integer overflow vulnerability):

http://www.kb.cert.org/vuls/id/479900
http://svn.php.net/viewvc?view=revision&revision=305571
http://php.net/manual/en/numberformatter.getsymbol.php

Only affects PHP 5.3.x and probably PECL intl >= 1.0.0 as those are the
only versions with that function.

Does anyone know if a CVE has been assigned to this?  If not, could one
be assigned?

-- 
Vincent Danen / Red Hat Security Response Team
Comment 1 Ludwig Nussel 2010-12-07 12:25:49 UTC 
Date: Tue, 7 Dec 2010 12:01:47 +0100
From: Tomas Hoger <thoger@redhat.com>
Subject: Re: [oss-security] CVE request (PHP 5.3.x getSymbol() DoS; CERT
 VU#479900)

Btw, setSymbol() is affected too, and does not seem to be addressed in
r305571.  In both cases, it's PHP exposing ICU bug.

-- 
Tomas Hoger / Red Hat Security Response Team
Comment 2 Ludwig Nussel 2010-12-07 12:35:09 UTC 
Actually an icu bug:
http://bugs.icu-project.org/trac/ticket/8218

reassigning.

It's questionable whether 'symbol' is likely to be user specified anyways.
Comment 3 Swamp Workflow Management 2011-12-12 08:47:51 UTC 
The SWAMPID for this issue is 44540.
This issue was rated as moderate.
Please submit fixed packages until 2011-12-26.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 6 Stephen Shaw 2012-01-06 04:59:58 UTC 
Ok, fixed and submitted to:
I don't have the SR ids for SLE because I can't get on the VPN
SLE 10 SP4
SLE 11 SP1
openSUSE 11.3 - 99210
openSUSE 11.4 - 99209
openSUSE 12.1 - 99208
Comment 7 Bernhard Wiedemann 2012-01-10 22:00:08 UTC 
This is an autogenerated message for OBS integration:
This bug (657910) was mentioned in
https://build.opensuse.org/request/show/99677 11.3 / icu
https://build.opensuse.org/request/show/99678 11.4 / icu
https://build.opensuse.org/request/show/99679 12.1 / icu
Comment 10 Stephen Shaw 2012-01-12 23:07:49 UTC 
These submits also fix bnc#736146
Comment 11 Bernhard Wiedemann 2012-01-13 00:00:14 UTC 
This is an autogenerated message for OBS integration:
This bug (657910) was mentioned in
https://build.opensuse.org/request/show/100116 11.3 / icu
https://build.opensuse.org/request/show/100117 11.4 / icu
https://build.opensuse.org/request/show/100118 12.1 / icu
Comment 12 Bernhard Wiedemann 2012-01-22 15:00:20 UTC 
This is an autogenerated message for OBS integration:
This bug (657910) was mentioned in
https://build.opensuse.org/request/show/101057 Evergreen:11.1 / icu
Comment 13 Bernhard Wiedemann 2012-01-22 18:00:54 UTC 
This is an autogenerated message for OBS integration:
This bug (657910) was mentioned in
https://build.opensuse.org/request/show/101070 Evergreen:11.1 / icu
Comment 14 Bernhard Wiedemann 2012-01-23 09:00:08 UTC 
This is an autogenerated message for OBS integration:
This bug (657910) was mentioned in
https://build.opensuse.org/request/show/101091 Evergreen:11.1 / icu
Comment 15 Bernhard Wiedemann 2012-01-23 15:00:13 UTC 
This is an autogenerated message for OBS integration:
This bug (657910) was mentioned in
https://build.opensuse.org/request/show/101144 Evergreen:11.2 / icu
Comment 16 Bernhard Wiedemann 2012-01-23 16:00:10 UTC 
This is an autogenerated message for OBS integration:
This bug (657910) was mentioned in
https://build.opensuse.org/request/show/101146 Evergreen:11.2 / icu
Comment 17 Sebastian Krahmer 2012-01-24 13:31:36 UTC 
done
Comment 19 Bernhard Wiedemann 2012-01-30 11:00:19 UTC 
This is an autogenerated message for OBS integration:
This bug (657910) was mentioned in
https://build.opensuse.org/request/show/102001 Evergreen:11.2 / icu
Comment 20 Swamp Workflow Management 2013-01-21 11:04:42 UTC 
Update released for: icu, icu-data, icu-debuginfo, libicu, libicu-32bit, libicu-devel, libicu-devel-32bit, libicu-doc
Products:
SLE-SERVER 10-SP3-TERADATA (x86_64)
Comment 21 Swamp Workflow Management 2013-01-21 13:21:21 UTC 
Update released for: icu, icu-data, icu-debuginfo, icu-debugsource, libicu, libicu-32bit, libicu-devel, libicu-devel-32bit, libicu-doc, libicu-x86
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)