Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 591710 (CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7133, CVE-2016-7134) - <dev-lang/php-5.6.25: Multiple vulnerabilities
Summary: <dev-lang/php-5.6.25: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2016-7124, CVE-2016-7125, CVE-2016-7126, CVE-2016-7127, CVE-2016-7128, CVE-2016-7129, CVE-2016-7130, CVE-2016-7131, CVE-2016-7132, CVE-2016-7133, CVE-2016-7134
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://secure.php.net/ChangeLog-5.ph...
Whiteboard: A3 [glsa cve]
Keywords:
Depends on: CVE-2016-7411, CVE-2016-7412, CVE-2016-7413, CVE-2016-7414, CVE-2016-7416, CVE-2016-7417, CVE-2016-7418
Blocks:
  Show dependency tree
 
Reported: 2016-08-20 06:48 UTC by Hanno Böck
Modified: 2016-11-30 21:48 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Hanno Böck gentoo-dev 2016-08-20 06:48:45 UTC
New PHP releases, as usual a bunch of security fixes, e.g. (probably incomplete):
Fixed bug #72681 (PHP Session Data Injection Vulnerability).
Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).
Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).
Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER).
Fixed bug #72674 (Heap overflow in curl_escape).
Fixed bug #72730 (imagegammacorrect allows arbitrary write access).
Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
Fixed bug #72782 (Heap Overflow due to integer overflows).
Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory allocation).
Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade attack).
Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
Comment 1 Thomas Deutschmann gentoo-dev Security 2016-09-02 10:58:25 UTC
Additional vulnerabilities fixed in the mentioned versions (see CVE request at http://www.openwall.com/lists/oss-security/2016/09/02/5):


GD:

 - select_colors write out-of-bounds
   PHP-Bug: https://bugs.php.net/bug.php?id=72697


EXIF:

 - Memory Leakage In exif_process_IFD_in_TIFF
   PHP-Bug: https://bugs.php.net/bug.php?id=72627


WDDX:

 - wddx_deserialize null dereference
   PHP-Bug: https://bugs.php.net/bug.php?id=72750

 - wddx_deserialize null dereference with invalid xml
   PHP-Bug: https://bugs.php.net/bug.php?id=72790

 - wddx_deserialize null dereference in php_wddx_pop_element
   PHP-Bug: https://bugs.php.net/bug.php?id=72799


PHP 7.0.10 only:

Core:

 - memory allocator fails to realloc small block to large one
   PHP-Bug: https://bugs.php.net/bug.php?id=72742
Comment 2 Thomas Deutschmann gentoo-dev Security 2016-09-04 17:44:41 UTC
An additional bug became a vulnerability:

Core:

 - (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization)
   PHP-Bug: https://bugs.php.net/72663


CVEs are now assigned: http://www.openwall.com/lists/oss-security/2016/09/02/9
Comment 3 Thomas Deutschmann gentoo-dev Security 2016-09-04 18:30:39 UTC
Arches, please test and mark stable:
=dev-lang/php-5.6.25
=dev-lang/php-7.0.10

Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Comment 4 Kristian Fiskerstrand gentoo-dev Security 2016-09-04 18:40:01 UTC
Please disregard the reference to PHP 7 above, the correct atom is 

Arches, please test and mark stable:
=dev-lang/php-5.6.25
Stable targets: alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
Comment 5 Jeroen Roovers gentoo-dev 2016-09-09 05:02:14 UTC
Stable for HPPA.
Comment 6 Agostino Sarubbo gentoo-dev 2016-09-10 12:49:53 UTC
amd64 stable
Comment 7 Jeroen Roovers gentoo-dev 2016-09-14 13:28:00 UTC
Stable for PPC64.
Comment 8 Tobias Klausmann gentoo-dev 2016-09-17 09:52:18 UTC
Stable on alpha.
Comment 9 Kristian Fiskerstrand gentoo-dev Security 2016-09-20 19:59:24 UTC
Stabilization of newer version in bug 594498
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2016-11-30 21:48:59 UTC
This issue was resolved and addressed in
 GLSA 201611-22 at https://security.gentoo.org/glsa/201611-22
by GLSA coordinator Aaron Bauman (b-man).