Bug 681195 - VUL-1: php5: NumberFormatter::setSymbol crash
VUL-1: php5: NumberFormatter::setSymbol crash
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: General
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:11.3:41263 maint:relea...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-03-21 09:17 UTC by Ludwig Nussel
Modified: 2011-06-17 21:00 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Ludwig Nussel 2011-03-21 09:17:46 UTC
Your friendly security team received the following report via mitre.
Please respond ASAP.
The issue is public.

-------8<-------
======================================================
Name: CVE-2011-1467
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.

Reference: CONFIRM: http://www.php.net/ChangeLog-5.php
Reference: CONFIRM: http://bugs.php.net/bug.php?id=53512
Comment 1 Petr Gajdos 2011-05-31 13:22:59 UTC
See following submit requests:
11.4:  #72274
11.3:  #72275
11sp1: #12488
10sp4: #12489
10sp3: #12490
Comment 2 Bernhard Wiedemann 2011-05-31 14:00:28 UTC
This is an autogenerated message for OBS integration:
This bug (681195) was mentioned in
https://build.opensuse.org/request/show/72274 11.4 / php5
https://build.opensuse.org/request/show/72275 11.3 / php5
Comment 3 Swamp Workflow Management 2011-06-01 07:50:55 UTC
The SWAMPID for this issue is 41262.
This issue was rated as moderate.
Please submit fixed packages until 2011-06-15.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 4 Swamp Workflow Management 2011-06-16 11:33:40 UTC
Update released for: apache2-mod_php5, apache2-mod_php5-debuginfo, php5, php5-bcmath, php5-bcmath-debuginfo, php5-bz2, php5-bz2-debuginfo, php5-calendar, php5-calendar-debuginfo, php5-ctype, php5-ctype-debuginfo, php5-curl, php5-curl-debuginfo, php5-dba, php5-dba-debuginfo, php5-debuginfo, php5-debugsource, php5-devel, php5-dom, php5-dom-debuginfo, php5-enchant, php5-enchant-debuginfo, php5-exif, php5-exif-debuginfo, php5-fastcgi, php5-fastcgi-debuginfo, php5-fileinfo, php5-fileinfo-debuginfo, php5-fpm, php5-fpm-debuginfo, php5-ftp, php5-ftp-debuginfo, php5-gd, php5-gd-debuginfo, php5-gettext, php5-gettext-debuginfo, php5-gmp, php5-gmp-debuginfo, php5-hash, php5-hash-debuginfo, php5-iconv, php5-iconv-debuginfo, php5-imap, php5-imap-debuginfo, php5-intl, php5-intl-debuginfo, php5-json, php5-json-debuginfo, php5-ldap, php5-ldap-debuginfo, php5-mbstring, php5-mbstring-debuginfo, php5-mcrypt, php5-mcrypt-debuginfo, php5-mysql, php5-mysql-debuginfo, php5-odbc, php5-odbc-debuginfo, php5-openssl, php5-openssl-debuginfo, php5-pcntl, php5-pcntl-debuginfo, php5-pdo, php5-pdo-debuginfo, php5-pear, php5-pgsql, php5-pgsql-debuginfo, php5-phar, php5-phar-debuginfo, php5-posix, php5-posix-debuginfo, php5-pspell, php5-pspell-debuginfo, php5-readline, php5-readline-debuginfo, php5-shmop, php5-shmop-debuginfo, php5-snmp, php5-snmp-debuginfo, php5-soap, php5-soap-debuginfo, php5-sockets, php5-sockets-debuginfo, php5-sqlite, php5-sqlite-debuginfo, php5-suhosin, php5-suhosin-debuginfo, php5-sysvmsg, php5-sysvmsg-debuginfo, php5-sysvsem, php5-sysvsem-debuginfo, php5-sysvshm, php5-sysvshm-debuginfo, php5-tidy, php5-tidy-debuginfo, php5-tokenizer, php5-tokenizer-debuginfo, php5-wddx, php5-wddx-debuginfo, php5-xmlreader, php5-xmlreader-debuginfo, php5-xmlrpc, php5-xmlrpc-debuginfo, php5-xmlwriter, php5-xmlwriter-debuginfo, php5-xsl, php5-xsl-debuginfo, php5-zip, php5-zip-debuginfo, php5-zlib, php5-zlib-debuginfo
Products:
openSUSE 11.3 (debug, i586, x86_64)
openSUSE 11.4 (debug, i586, x86_64)
Comment 5 Ludwig Nussel 2011-06-16 11:38:34 UTC
released
Comment 6 Bernhard Wiedemann 2011-06-17 21:00:36 UTC
This is an autogenerated message for OBS integration:
This bug (681195) was mentioned in
https://build.opensuse.org/request/show/74083 Evergreen:11.2 / php5