Bug 999819 (CVE-2016-7418)

Summary:	VUL-0: CVE-2016-7418: php5, php7: Null pointer dereference in php_wddx_push_element
Product:	[Novell Products] SUSE Security Incidents	Reporter:	Victor Pereira <vpereira>
Component:	Incidents	Assignee:	Security Team bot <security-team>
Status:	RESOLVED FIXED	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	smash_bz
Version:	unspecified
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/172663/
Whiteboard:	maint:running:63038:important CVSSv2:NVD:CVE-2016-7418:5.0:(AV:N/AC:L/Au:N/C:N/I:N/A:P) CVSSv2:RedHat:CVE-2016-7418:4.3:(AV:N/AC:M/Au:N/C:N/I:N/A:P) CVSSv3:RedHat:CVE-2016-7418:7.5:(AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description Victor Pereira 2016-09-20 06:46:06 UTC

rh#1377352

A null pointer vulnerability was found in function wddx_deserialize.

Upstream bug:

https://bugs.php.net/bug.php?id=73065

Upstream patch:

https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1377352
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7418
http://seclists.org/oss-sec/2016/q3/518
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7418.html
http://www.cvedetails.com/cve/CVE-2016-7418/

Comment 1 Swamp Workflow Management 2016-09-20 22:00:26 UTC

bugbot adjusting priority

Comment 2 Petr Gajdos 2016-09-23 07:50:08 UTC

Both testcases in php bug and commit does not manifest the issue via segfault, valgrind errors or output. The testcase from the commit has the expected output everywhere from 12/php7 to 11/php5.

The fix fits everywhere though, considered all versions affected.

Comment 3 Bernhard Wiedemann 2016-09-23 10:01:44 UTC

This is an autogenerated message for OBS integration:
This bug (999819) was mentioned in
https://build.opensuse.org/request/show/429748 13.2 / php5
https://build.opensuse.org/request/show/429753 13.2 / php5

Comment 5 Petr Gajdos 2016-09-23 11:16:07 UTC

I believe all fixed.

Comment 8 Swamp Workflow Management 2016-10-04 14:11:19 UTC

openSUSE-SU-2016:2444-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 999679,999680,999682,999684,999685,999819,999820
CVE References: CVE-2016-7411,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418
Sources used:
openSUSE 13.2 (src):    php5-5.6.1-78.1

Comment 9 Swamp Workflow Management 2016-10-05 16:14:34 UTC

SUSE-SU-2016:2459-1: An update that fixes 16 vulnerabilities is now available.

Category: security (important)
Bug References: 997206,997207,997208,997210,997211,997220,997225,997230,997257,999679,999680,999682,999684,999685,999819,999820
CVE References: CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7411,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418
Sources used:
SUSE OpenStack Cloud 5 (src):    php53-5.3.17-84.1
SUSE Manager Proxy 2.1 (src):    php53-5.3.17-84.1
SUSE Manager 2.1 (src):    php53-5.3.17-84.1
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    php53-5.3.17-84.1
SUSE Linux Enterprise Server 11-SP4 (src):    php53-5.3.17-84.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    php53-5.3.17-84.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    php53-5.3.17-84.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    php53-5.3.17-84.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    php53-5.3.17-84.1

Comment 10 Swamp Workflow Management 2016-10-05 19:13:23 UTC

SUSE-SU-2016:2460-1: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1001950,987580,988032,991422,991424,991426,991427,991428,991429,991430,991434,991437,995512,997206,997207,997208,997210,997211,997220,997225,997230,997247,997248,997257,999313,999679,999680,999684,999685,999819,999820
CVE References: CVE-2016-4473,CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7133,CVE-2016-7134,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php7-7.0.7-15.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-15.1

Comment 11 Swamp Workflow Management 2016-10-05 23:09:21 UTC

SUSE-SU-2016:2461-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 999679,999680,999682,999684,999685,999819,999820
CVE References: CVE-2016-7411,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    php53-5.3.17-58.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    php53-5.3.17-58.1

Comment 12 Swamp Workflow Management 2016-10-07 19:13:40 UTC

SUSE-SU-2016:2477-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 999679,999680,999682,999684,999685,999819,999820
CVE References: CVE-2016-7411,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php5-5.5.14-78.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-78.1

Comment 13 Swamp Workflow Management 2016-10-14 14:12:30 UTC

openSUSE-SU-2016:2540-1: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 999679,999680,999682,999684,999685,999819,999820
CVE References: CVE-2016-7411,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418
Sources used:
openSUSE Leap 42.1 (src):    php5-5.5.14-62.1

Comment 14 Marcus Meissner 2016-10-31 08:47:35 UTC

released

Comment 15 Swamp Workflow Management 2016-11-01 15:08:13 UTC

SUSE-SU-2016:2477-2: An update that fixes 7 vulnerabilities is now available.

Category: security (important)
Bug References: 999679,999680,999682,999684,999685,999819,999820
CVE References: CVE-2016-7411,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-78.1

Comment 16 Swamp Workflow Management 2016-11-01 15:26:30 UTC

SUSE-SU-2016:2460-2: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1001950,987580,988032,991422,991424,991426,991427,991428,991429,991430,991434,991437,995512,997206,997207,997208,997210,997211,997220,997225,997230,997247,997248,997257,999313,999679,999680,999684,999685,999819,999820
CVE References: CVE-2016-4473,CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7133,CVE-2016-7134,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-15.1