Bug 736146 - VUL-0: icu: out of bounds access
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: General
Importance: P3 - Medium : Normal
Assigned To: Security Team bot
. maint:released:sle11-sp2:50670
Reported: 2011-12-12 08:24 UTC by Ludwig Nussel
Modified: 2013-01-21 15:16 UTC (History)
Description Ludwig Nussel 2011-12-12 08:24:51 UTC
Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.

CVE-2011-4599

An out of bounds access was reported in icu:
http://bugs.icu-project.org/trac/ticket/8984
http://codereview.chromium.org/8822005/patch/6001/7002

potential buffer overflow with negative lengths at the strncpy at the end of the function
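
The bug class named in the description above, a signed length that can go negative before it reaches strncpy, shown with the guard that closes it. This is an added example, not ICU's code and not the linked patch; `copy_tail_checked` and `length_as_seen_by_strncpy` are hypothetical names, and the locale strings are constructed sample input.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not ICU code): copy up to `len` bytes of `src` into
 * `dst` of capacity `cap`. `len` is a signed int, as it would be when it is
 * computed by subtraction, so it can be negative. Returns the number of
 * bytes copied, or -1 when the request is rejected. */
int copy_tail_checked(char *dst, int cap, const char *src, int len)
{
    if (dst == NULL || src == NULL || cap <= 0)
        return -1;
    if (len < 0)      /* a negative length must never reach strncpy */
        return -1;
    if (len >= cap)   /* keep one byte for the terminator */
        return -1;
    strncpy(dst, src, (size_t)len);
    dst[len] = '\0';
    return len;
}

/* The count strncpy would receive if a negative int were passed unchecked:
 * the conversion to size_t wraps it to a value near SIZE_MAX. */
size_t length_as_seen_by_strncpy(int len)
{
    return (size_t)len;
}

int main(void)
{
    char buf[8];   /* constructed sample buffer */
    printf("-3 as size_t: %zu\n", length_as_seen_by_strncpy(-3));
    printf("len=-3 -> %d\n",
           copy_tail_checked(buf, (int)sizeof buf, "en_US", -3));
    printf("len=5  -> %d (%s)\n",
           copy_tail_checked(buf, (int)sizeof buf, "en_US", 5), buf);
    return 0;
}
```
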
Comment 1 Swamp Workflow Management 2011-12-12 08:47:51 UTC
The SWAMPID for this issue is 44540.
This issue was rated as moderate.
Please submit fixed packages until 2011-12-26.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 2 Swamp Workflow Management 2011-12-12 23:00:16 UTC
bugbot adjusting priority
Comment 3 Stephen Shaw 2012-01-12 23:09:12 UTC
this is fixed along with bnc#657910

packages have been submitted to:
sle 11 sp1
openSUSE 11.3
openSUSE 11.4
openSUSE 12.1
(not needed in sle 10)
Comment 4 Bernhard Wiedemann 2012-01-13 00:00:19 UTC
This is an autogenerated message for OBS integration:
This bug (736146) was mentioned in
https://build.opensuse.org/request/show/100116 11.3 / icu
https://build.opensuse.org/request/show/100117 11.4 / icu
https://build.opensuse.org/request/show/100118 12.1 / icu
Comment 5 Bernhard Wiedemann 2012-01-22 15:00:45 UTC
This is an autogenerated message for OBS integration:
This bug (736146) was mentioned in
https://build.opensuse.org/request/show/101057 Evergreen:11.1 / icu
Comment 6 Bernhard Wiedemann 2012-01-22 18:00:59 UTC
This is an autogenerated message for OBS integration:
This bug (736146) was mentioned in
https://build.opensuse.org/request/show/101070 Evergreen:11.1 / icu
Comment 7 Bernhard Wiedemann 2012-01-23 09:00:25 UTC
This is an autogenerated message for OBS integration:
This bug (736146) was mentioned in
https://build.opensuse.org/request/show/101091 Evergreen:11.1 / icu
Comment 8 Bernhard Wiedemann 2012-01-23 15:00:18 UTC
This is an autogenerated message for OBS integration:
This bug (736146) was mentioned in
https://build.opensuse.org/request/show/101144 Evergreen:11.2 / icu
Comment 9 Bernhard Wiedemann 2012-01-23 16:00:24 UTC
This is an autogenerated message for OBS integration:
This bug (736146) was mentioned in
https://build.opensuse.org/request/show/101146 Evergreen:11.2 / icu
Comment 10 Sebastian Krahmer 2012-01-24 13:28:38 UTC
done
Comment 11 Bernhard Wiedemann 2012-01-30 11:00:46 UTC
This is an autogenerated message for OBS integration:
This bug (736146) was mentioned in
https://build.opensuse.org/request/show/102001 Evergreen:11.2 / icu
Comment 12 Swamp Workflow Management 2013-01-07 13:26:32 UTC
The SWAMPID for this issue is 50668.
This issue was rated as moderate.
Please submit fixed packages until 2013-01-21.
When done, please reassign the bug to security-team@suse.de.
Patchinfo will be handled by security team.
Comment 13 Swamp Workflow Management 2013-01-21 13:21:10 UTC
Update released for: icu, icu-data, icu-debuginfo, icu-debugsource, libicu, libicu-32bit, libicu-devel, libicu-devel-32bit, libicu-doc, libicu-x86
Products:
SLE-DEBUGINFO 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-DESKTOP 11-SP2 (i386, x86_64)
SLE-SDK 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLE-SERVER 11-SP2 (i386, ia64, ppc64, s390x, x86_64)
SLES4VMWARE 11-SP2 (i386, x86_64)