Bug 986392 - (CVE-2016-5770) VUL-0: CVE-2016-5770: php5,php53: int/size_t confusion in SplFileObject::fread
(CVE-2016-5770)
VUL-0: CVE-2016-5770: php5,php53: int/size_t confusion in SplFileObject::fread
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/170462/
CVSSv2:SUSE:CVE-2016-5770:4.4:(AV:L/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-06-24 10:34 UTC by Marcus Meissner
Modified: 2022-08-03 13:35 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
xx.php (134 bytes, text/plain)
2016-06-24 10:35 UTC, Marcus Meissner
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-06-24 10:34:32 UTC
http://seclists.org/oss-sec/2016/q2/589

    - SPL:
        Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)

    https://bugs.php.net/bug.php?id=72262
    http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba


Use CVE-2016-5770.
Comment 1 Marcus Meissner 2016-06-24 10:35:24 UTC
Created attachment 682020 [details]
xx.php

QA REPRODUCER:

php xx.php
Segmentation fault
Comment 2 Swamp Workflow Management 2016-06-24 22:01:18 UTC
bugbot adjusting priority
Comment 3 Petr Gajdos 2016-06-27 09:01:28 UTC
12sp2/php7 does not segfault, even bails out after a second. The code is there, though and the check should not harm.

13.2/php5, 12/php5 affected.

11sp3/php53, 11/php5 do not have plFileObject::fread().

AFTER:

$ php xx.php
PHP Warning:  SplFileObject::fread(): Length parameter must be no more than 2147483647
$
Comment 4 Petr Gajdos 2016-06-29 08:44:06 UTC
Packages submitted.
Comment 6 Bernhard Wiedemann 2016-06-29 10:01:00 UTC
This is an autogenerated message for OBS integration:
This bug (986392) was mentioned in
https://build.opensuse.org/request/show/405425 13.2 / php5
Comment 8 Bernhard Wiedemann 2016-06-29 14:04:09 UTC
This is an autogenerated message for OBS integration:
This bug (986392) was mentioned in
https://build.opensuse.org/request/show/405458 13.2 / php5
Comment 9 Swamp Workflow Management 2016-07-07 16:09:35 UTC
openSUSE-SU-2016:1761-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 986004,986244,986246,986247,986386,986388,986391,986392,986393
CVE References: CVE-2015-8935,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772,CVE-2016-5773
Sources used:
openSUSE 13.2 (src):    php5-5.6.1-69.1
Comment 12 Swamp Workflow Management 2016-07-20 22:10:35 UTC
SUSE-SU-2016:1842-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 986004,986244,986246,986386,986388,986391,986392,986393,988486
CVE References: CVE-2015-8935,CVE-2016-5385,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php5-5.5.14-68.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-68.1
Comment 13 Swamp Workflow Management 2016-08-01 03:10:21 UTC
openSUSE-SU-2016:1922-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 986004,986244,986246,986386,986388,986391,986392,986393,988486
CVE References: CVE-2015-8935,CVE-2016-5385,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772
Sources used:
openSUSE Leap 42.1 (src):    php5-5.5.14-56.1
Comment 14 Marcus Meissner 2016-08-01 11:21:21 UTC
released