Package name
php-intl
Date
2010-12-15
Advisory ID
MDVSA-2010:255
Affected versions
MES5 i586 , MES5 x86_64

Problem description

A vulnerability was discovered and corrected in php-intl:

Integer overflow in the NumberFormatter::getSymbol (aka
numfmt_get_symbol) function in PHP 5.3.3 and earlier allows
context-dependent attackers to cause a denial of service (application
crash) via an invalid argument (CVE-2010-4409).

The updated packages have been upgraded to php-intl-1.1.2 and patched
to correct this issue.

Updated packages

MES5 i586

 e4150c29c342b12bf02f802692c3e9af  mes5/i586/php-intl-1.1.2-0.1mdvmes5.1.i586.rpm 
 cf1acac56b390efc3b731307a8d5b139  mes5/SRPMS/php-intl-1.1.2-0.1mdvmes5.1.src.rpm

MES5 x86_64

 0c5c740e3a0596ba5223de67e4219f58  mes5/x86_64/php-intl-1.1.2-0.1mdvmes5.1.x86_64.rpm 
 cf1acac56b390efc3b731307a8d5b139  mes5/SRPMS/php-intl-1.1.2-0.1mdvmes5.1.src.rpm

References