Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 591710 (CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7133, CVE-2016-7134) - <dev-lang/php-5.6.25: Multiple vulnerabilities
Summary: <dev-lang/php-5.6.25: Multiple vulnerabilities
Alias: CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7133, CVE-2016-7134
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: A3 [glsa cve]
Depends on: CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418
  Show dependency tree
Reported: 2016-08-20 06:48 UTC by Hanno Böck
Modified: 2016-11-30 21:48 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2016-08-20 06:48:45 UTC
New PHP releases, as usual a bunch of security fixes, e.g. (probably incomplete):
Fixed bug #72681 (PHP Session Data Injection Vulnerability).
Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).
Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).
Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER).
Fixed bug #72674 (Heap overflow in curl_escape).
Fixed bug #72730 (imagegammacorrect allows arbitrary write access).
Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
Fixed bug #72782 (Heap Overflow due to integer overflows).
Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory allocation).
Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade attack).
Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2016-09-02 10:58:25 UTC
Additional vulnerabilities fixed in the mentioned versions (see CVE request at


 - select_colors write out-of-bounds


 - Memory Leakage In exif_process_IFD_in_TIFF


 - wddx_deserialize null dereference

 - wddx_deserialize null dereference with invalid xml

 - wddx_deserialize null dereference in php_wddx_pop_element

PHP 7.0.10 only:


 - memory allocator fails to realloc small block to large one
Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev 2016-09-04 17:44:41 UTC
An additional bug became a vulnerability:


 - (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization)

CVEs are now assigned:
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2016-09-04 18:30:39 UTC
Arches, please test and mark stable:

Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 4 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-09-04 18:40:01 UTC
Please disregard the reference to PHP 7 above, the correct atom is 

Arches, please test and mark stable:
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2016-09-09 05:02:14 UTC
Stable for HPPA.
Comment 6 Agostino Sarubbo gentoo-dev 2016-09-10 12:49:53 UTC
amd64 stable
Comment 7 Jeroen Roovers (RETIRED) gentoo-dev 2016-09-14 13:28:00 UTC
Stable for PPC64.
Comment 8 Tobias Klausmann (RETIRED) gentoo-dev 2016-09-17 09:52:18 UTC
Stable on alpha.
Comment 9 Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-09-20 19:59:24 UTC
Stabilization of newer version in bug 594498
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2016-11-30 21:48:59 UTC
This issue was resolved and addressed in
 GLSA 201611-22 at
by GLSA coordinator Aaron Bauman (b-man).