Bugzilla – Bug 1004924
VUL-0: CVE-2016-8670: libgd, php5, php53, php7: Stack Buffer Overflow in GD dynamicGetbuf
Last modified: 2019-06-05 06:38:42 UTC
Reference: http://seclists.org/oss-sec/2016/q4/133
==================================================
Hi

On the PHP bug tracker Emmanuel Law reported a flaw in the libgd library in dynamicGetbuf. The PHP bug report is at (cannot quote the full report for the list archive, since a bit long):

https://bugs.php.net/bug.php?id=73280

It has been reported upstream apparently (not via the issue tracker) and fixed in upstream as with commit:

https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9

Debian has issued a DSA containing this fix as well in DSA-3693-1, https://lists.debian.org/debian-security-announce/2016/msg00274.html

Could you please assign a CVE for this issue?

Regards,
Salvatore
==================================================
We can fix the wrong return value while we're at it
bugbot adjusting priority
(In reply to Johannes Segitz from comment #1) This is tracked in bsc#1005274
(In reply to Johannes Segitz from comment #3)
> (In reply to Johannes Segitz from comment #1)
> This is tracked in bsc#1005274
Sense of such cloning/duplicating?
(In reply to Mikhail Kasimov from comment #4) Most of the time we open one bug for one CVE (sometimes we use tracker bugs, but that is rather seldom). In this case the other CVE showed up a day later, otherwise I probably would have merged them before and used only one bug.
(In reply to Johannes Segitz from comment #5)
> (In reply to Mikhail Kasimov from comment #4)
> Most of the time we open one bug for one CVE (sometimes we use tracker bugs,
That works for me.
I think there was misunderstanding in comment 4 because in comment 3 you cut off what actually is tracked in bug 1005274. One had to notice that there is a different CVE.
(In reply to Johannes Segitz from comment #5)
> (In reply to Mikhail Kasimov from comment #4)
> Most of the time we open one bug for one CVE (sometimes we use tracker bugs,
> but that is rather seldom). In this case the other CVE showed up a day
> later, otherwise I probably would have merged them before and used only one
> bug.
Ok, thanks! :)
> That works for me.
>
> I think there was misunderstanding in comment 4 because in comment 3 you cut
> off what actually is tracked in bug 1005274. One had to notice that there is a
> different CVE.
Quite so. :) No problem.
All versions of gd appear to be affected.
This is an autogenerated message for OBS integration: This bug (1004924) was mentioned in https://build.opensuse.org/request/show/436506 13.2 / gd
All versions of php-gd are affected. Packages submitted.
This is an autogenerated message for OBS integration: This bug (1004924) was mentioned in https://build.opensuse.org/request/show/436512 13.2 / php5
openSUSE-SU-2016:2606-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 1001900,1004924,1005274
CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670
Sources used:
openSUSE 13.2 (src): php5-5.6.1-83.1
SUSE-SU-2016:2668-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 1001900,1004924,1005274
CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src): gd-2.1.0-17.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): gd-2.1.0-17.1
SUSE Linux Enterprise Server 12-SP1 (src): gd-2.1.0-17.1
SUSE Linux Enterprise Desktop 12-SP1 (src): gd-2.1.0-17.1
SUSE-SU-2016:2670-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1004924,1005274
CVE References: CVE-2016-6911,CVE-2016-8670
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): gd-2.0.36.RC1-52.25.1
SUSE Linux Enterprise Server 11-SP4 (src): gd-2.0.36.RC1-52.25.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): gd-2.0.36.RC1-52.25.1
SUSE-SU-2016:2681-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 1004924,1005274
CVE References: CVE-2016-6911,CVE-2016-8670
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src): php53-5.3.17-87.1
SUSE Linux Enterprise Server 11-SP4 (src): php53-5.3.17-87.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src): php53-5.3.17-87.1
SUSE-SU-2016:2683-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 1001900,1004924,1005274
CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): php7-7.0.7-20.1
SUSE Linux Enterprise Module for Web Scripting 12 (src): php7-7.0.7-20.1
Created attachment 700044
CVE-2016-8670.php
QA REPRODUCER:
php CVE-2016-8670.php
should not crash
SUSE-SU-2016:2683-2: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 1001900,1004924,1005274
CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src): php7-7.0.7-20.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-11-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63166
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2016-11-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63168
SUSE-SU-2016:2766-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 1001900,1004924,1005274
CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src): php5-5.5.14-83.1
SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-83.1
openSUSE-SU-2016:2772-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 1001900,1004924,1005274
CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670
Sources used:
openSUSE Leap 42.1 (src): gd-2.1.0-13.1
released
openSUSE-SU-2016:2831-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 1001900,1004924,1005274
CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670
Sources used:
openSUSE Leap 42.1 (src): php5-5.5.14-65.2
openSUSE-SU-2016:2837-1: An update that fixes three vulnerabilities is now available.
Category: security (important)
Bug References: 1001900,1004924,1005274
CVE References: CVE-2016-6911,CVE-2016-7568,CVE-2016-8670
Sources used:
openSUSE Leap 42.2 (src): php5-5.5.14-65.1
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2017-02-13. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63366
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2017-02-13. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/63367