Bug 991430 (CVE-2016-5399)

Summary: VUL-0: php5,php7,php53: CVE-2016-5399: php, bzip2: Improper error handling in bzread()
Product: [Novell Products] SUSE Security Incidents Reporter: Sebastian Krahmer <krahmer>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Major    
Priority: P3 - Medium CC: meissner, security-team, smash_bz, ursula.brueckner, vpereira
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/171122/
Whiteboard: CVSSv2:SUSE:CVE-2016-5399:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2016-5399:5.1:(AV:N/AC:H/Au:N/C:P/I:P/A:P) maint:running:62922:moderate
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: CVE-2016-5399.bz2
CVE-2016-5399.php

Comment 2 Petr Gajdos 2016-08-03 12:13:33 UTC
BEFORE I get a segfault for the testcase in commits from comment 1 for 12/php7 and 11sp3/php53.

AFTER I get no segfault.

One of the commits is for php7, second is for php5.
Comment 3 Petr Gajdos 2016-08-04 08:54:26 UTC
I believe all affected code streams fixed.
Comment 4 Bernhard Wiedemann 2016-08-04 10:02:29 UTC
This is an autogenerated message for OBS integration:
This bug (991430) was mentioned in
https://build.opensuse.org/request/show/416889 13.2 / php5
Comment 9 Sebastian Krahmer 2016-08-10 10:01:53 UTC
CVSSv2:SUSE:CVE-2016-5399:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Comment 10 Swamp Workflow Management 2016-08-15 13:09:59 UTC
openSUSE-SU-2016:2071-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 987580,988032,991422,991424,991426,991427,991428,991429,991430,991433,991434,991437
CVE References: CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297
Sources used:
openSUSE 13.2 (src):    php5-5.6.1-72.1
Comment 11 Swamp Workflow Management 2016-08-16 11:11:37 UTC
SUSE-SU-2016:2080-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 986004,986244,986386,986388,986393,991426,991427,991428,991429,991430,991433,991437
CVE References: CVE-2015-8935,CVE-2016-5399,CVE-2016-5766,CVE-2016-5767,CVE-2016-5769,CVE-2016-5772,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6296,CVE-2016-6297
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    php5-5.2.14-0.7.30.89.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    php5-5.2.14-0.7.30.89.1
Comment 12 Marcus Meissner 2016-08-23 06:48:56 UTC
Created attachment 689048 [details]
CVE-2016-5399.bz2

QA REPRODUCER: 

(data part, script is in next comment)
Comment 13 Marcus Meissner 2016-08-23 06:49:25 UTC
Created attachment 689049 [details]
CVE-2016-5399.php

QA REPRODUCER:

php CVE-2016-5399.php

good: no output
bad: ERROR output
Comment 14 Swamp Workflow Management 2016-09-01 16:10:33 UTC
SUSE-SU-2016:2210-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 987530,991426,991427,991428,991429,991430,991433,991437
CVE References: CVE-2014-3587,CVE-2016-3587,CVE-2016-5399,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6296,CVE-2016-6297
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    php53-5.3.17-79.2
SUSE Linux Enterprise Server 11-SP4 (src):    php53-5.3.17-79.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    php53-5.3.17-79.2
Comment 16 Swamp Workflow Management 2016-09-16 19:10:18 UTC
SUSE-SU-2016:2328-1: An update that fixes 18 vulnerabilities is now available.

Category: security (important)
Bug References: 987530,991426,991427,991428,991429,991430,991433,991437,997206,997207,997208,997210,997211,997220,997225,997230,997257
CVE References: CVE-2014-3587,CVE-2016-3587,CVE-2016-5399,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    php53-5.3.17-55.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    php53-5.3.17-55.1
Comment 17 Swamp Workflow Management 2016-09-28 13:11:27 UTC
SUSE-SU-2016:2408-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 987530,987580,988032,991422,991424,991426,991427,991428,991429,991430,991433,991434,991437,997206,997207,997208,997210,997211,997220,997225,997230,997248,997257
CVE References: CVE-2014-3587,CVE-2016-3587,CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7134
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php5-5.5.14-73.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-73.1
Comment 18 Swamp Workflow Management 2016-10-04 15:12:46 UTC
openSUSE-SU-2016:2451-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 987530,987580,988032,991422,991424,991426,991427,991428,991429,991430,991433,991434,991437,997206,997207,997208,997210,997211,997220,997225,997230,997248,997257
CVE References: CVE-2014-3587,CVE-2016-3587,CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7134
Sources used:
openSUSE Leap 42.1 (src):    php5-5.5.14-59.1
Comment 19 Swamp Workflow Management 2016-10-05 19:10:23 UTC
SUSE-SU-2016:2460-1: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1001950,987580,988032,991422,991424,991426,991427,991428,991429,991430,991434,991437,995512,997206,997207,997208,997210,997211,997220,997225,997230,997247,997248,997257,999313,999679,999680,999684,999685,999819,999820
CVE References: CVE-2016-4473,CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7133,CVE-2016-7134,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php7-7.0.7-15.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-15.1
Comment 21 Swamp Workflow Management 2016-11-01 15:23:12 UTC
SUSE-SU-2016:2460-2: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1001950,987580,988032,991422,991424,991426,991427,991428,991429,991430,991434,991437,995512,997206,997207,997208,997210,997211,997220,997225,997230,997247,997248,997257,999313,999679,999680,999684,999685,999819,999820
CVE References: CVE-2016-4473,CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7133,CVE-2016-7134,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-15.1