Red Hat Bugzilla – Bug 1377340
CVE-2016-7416 php: Stack based buffer overflow in msgfmt_format_message
Last modified: 2018-06-29 18:14:50 EDT
It was discovered that big locale string causes stack based overflow inside libicu. PHP bug: https://bugs.php.net/bug.php?id=73007 PHP patch: https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1 CVE assignment: http://seclists.org/oss-sec/2016/q3/518
Created php tracking bugs for this issue: Affects: fedora-all [bug 1377366]
Note: CVE assignment info: The related upstream code can be found in the http://source.icu-project.org/repos/icu/icu/trunk/source/common/locid.cpp file. What we will do for now is assign one CVE ID for the "ICU for C/C++" product and a separate CVE ID for PHP. In other words, the bug #73007 discoverer has indicated that it is a bug in that ICU product. However, it is a bug at a different level within the PHP distribution, because 6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b implies that PHP is intended to operate safely even with an unpatched copy of the ICU library. Use CVE-2016-7415 for ICU for C/C++. Use CVE-2016-7416 for PHP. (If there happens to be further information indicating that locid.cpp was supposed to behave as originally written, then we can reject CVE-2016-7415.)
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS Via RHSA-2018:1296 https://access.redhat.com/errata/RHSA-2018:1296