Bugzilla – Bug 657910
VUL-1: icu unum_setSymbol/unum_getSymbol crash
Last modified: 2019-06-18 14:39:33 UTC
Your friendly security team received the following report via oss-security. Please respond ASAP. The issue is public. CVE-2010-4409 ------------------------------------------------------------------------------ Date: Mon, 6 Dec 2010 10:15:28 -0700 From: Vincent Danen <vdanen@redhat.com> Subject: [oss-security] CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) I haven't seen a CVE request for this already, and can't find a CVE name if one has been assigned. CERT has a bulletin up regarding a DoS in the getSymbol() function (integer overflow vulnerability): http://www.kb.cert.org/vuls/id/479900 http://svn.php.net/viewvc?view=revision&revision=305571 http://php.net/manual/en/numberformatter.getsymbol.php Only affects PHP 5.3.x and probably PECL intl >= 1.0.0 as those are the only versions with that function. Does anyone know if a CVE has been assigned to this? If not, could one be assigned? -- Vincent Danen / Red Hat Security Response Team
Date: Tue, 7 Dec 2010 12:01:47 +0100 From: Tomas Hoger <thoger@redhat.com> Subject: Re: [oss-security] CVE request (PHP 5.3.x getSymbol() DoS; CERT VU#479900) Btw, setSymbol() is affected too, and does not seem to be addressed in r305571. In both cases, it's PHP exposing ICU bug. -- Tomas Hoger / Red Hat Security Response Team
Actually an icu bug: http://bugs.icu-project.org/trac/ticket/8218 reassigning. It's questionable whether 'symbol' is likely to be user specified anyways.
The SWAMPID for this issue is 44540. This issue was rated as moderate. Please submit fixed packages until 2011-12-26. When done, please reassign the bug to security-team@suse.de. Patchinfo will be handled by security team.
Upstream fix: http://bugs.icu-project.org/trac/changeset/29683/icu/trunk/source/i18n/unum.cpp
Ok, fixed and submitted to: I don't have the SR ids for SLE because I can't get on the VPN SLE 10 SP4 SLE 11 SP1 openSUSE 11.3 - 99210 openSUSE 11.4 - 99209 openSUSE 12.1 - 99208
This is an autogenerated message for OBS integration: This bug (657910) was mentioned in https://build.opensuse.org/request/show/99677 11.3 / icu https://build.opensuse.org/request/show/99678 11.4 / icu https://build.opensuse.org/request/show/99679 12.1 / icu
These submits also fix bnc#736146
This is an autogenerated message for OBS integration: This bug (657910) was mentioned in https://build.opensuse.org/request/show/100116 11.3 / icu https://build.opensuse.org/request/show/100117 11.4 / icu https://build.opensuse.org/request/show/100118 12.1 / icu
This is an autogenerated message for OBS integration: This bug (657910) was mentioned in https://build.opensuse.org/request/show/101057 Evergreen:11.1 / icu
This is an autogenerated message for OBS integration: This bug (657910) was mentioned in https://build.opensuse.org/request/show/101070 Evergreen:11.1 / icu
This is an autogenerated message for OBS integration: This bug (657910) was mentioned in https://build.opensuse.org/request/show/101091 Evergreen:11.1 / icu
This is an autogenerated message for OBS integration: This bug (657910) was mentioned in https://build.opensuse.org/request/show/101144 Evergreen:11.2 / icu
This is an autogenerated message for OBS integration: This bug (657910) was mentioned in https://build.opensuse.org/request/show/101146 Evergreen:11.2 / icu
done
This is an autogenerated message for OBS integration: This bug (657910) was mentioned in https://build.opensuse.org/request/show/102001 Evergreen:11.2 / icu
Update released for: icu, icu-data, icu-debuginfo, libicu, libicu-32bit, libicu-devel, libicu-devel-32bit, libicu-doc Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
Update released for: icu, icu-data, icu-debuginfo, icu-debugsource, libicu, libicu-32bit, libicu-devel, libicu-devel-32bit, libicu-doc, libicu-x86 Products: SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-DESKTOP 11-SP2 (i386, x86_64) SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64) SLES4VMWARE 11-SP2 (i386, x86_64)