Bug 991428 – VUL-0: CVE-2016-6289: php: Integer overflow leads to buffer overflow in virtual_file_ex

Bug 991428 - (CVE-2016-6289) VUL-0: CVE-2016-6289: php: Integer overflow leads to buffer overflow in virtual_file_ex

(CVE-2016-6289)
Summary:	VUL-0: CVE-2016-6289: php: Integer overflow leads to buffer overflow in virtu...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/171321/
Whiteboard:	CVSSv2:SUSE:CVE-2016-6289:6.8:(AV:N/A...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2016-08-01 08:45 UTC by Sebastian Krahmer
Modified:	2017-09-19 14:35 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
CVE-2016-6289.php (226 bytes, text/plain) 2016-08-23 06:42 UTC, Marcus Meissner	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sebastian Krahmer 2016-08-01 08:45:07 UTC

Quoting from RH BZ:

An integer overflow vulnerability was found in CWD_API virtual_file_ex in php-src/Zend/zend_virtual_cwd.c that allows to memcpy a large chunk of memory leading to buffer overflow.


rh#1359698

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1359698
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6289
http://seclists.org/oss-sec/2016/q3/137
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-6289.html
http://www.debian.org/security/2016/dsa-3631
http://www.cvedetails.com/cve/CVE-2016-6289/

Comment 1 Petr Gajdos 2016-08-01 14:55:00 UTC

https://bugs.php.net/bug.php?id=72513

http://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87

Comment 2 Petr Gajdos 2016-08-04 08:54:23 UTC

I believe all affected code streams fixed.

Comment 3 Bernhard Wiedemann 2016-08-04 10:02:07 UTC

This is an autogenerated message for OBS integration:
This bug (991428) was mentioned in
https://build.opensuse.org/request/show/416889 13.2 / php5

Comment 7 Sebastian Krahmer 2016-08-10 10:00:41 UTC

CVSSv2:SUSE:CVE-2016-6289:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P)

Comment 8 Swamp Workflow Management 2016-08-15 13:09:42 UTC

openSUSE-SU-2016:2071-1: An update that fixes 12 vulnerabilities is now available.

Category: security (moderate)
Bug References: 987580,988032,991422,991424,991426,991427,991428,991429,991430,991433,991434,991437
CVE References: CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297
Sources used:
openSUSE 13.2 (src):    php5-5.6.1-72.1

Comment 9 Swamp Workflow Management 2016-08-16 11:11:18 UTC

SUSE-SU-2016:2080-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 986004,986244,986386,986388,986393,991426,991427,991428,991429,991430,991433,991437
CVE References: CVE-2015-8935,CVE-2016-5399,CVE-2016-5766,CVE-2016-5767,CVE-2016-5769,CVE-2016-5772,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6296,CVE-2016-6297
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    php5-5.2.14-0.7.30.89.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    php5-5.2.14-0.7.30.89.1

Comment 10 Marcus Meissner 2016-08-23 06:42:12 UTC

Created attachment 689045 [details]
CVE-2016-6289.php

QA REPRODUCER:

php CVE-2016-6289.php

should not crash

Comment 11 Swamp Workflow Management 2016-09-01 16:10:12 UTC

SUSE-SU-2016:2210-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 987530,991426,991427,991428,991429,991430,991433,991437
CVE References: CVE-2014-3587,CVE-2016-3587,CVE-2016-5399,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6296,CVE-2016-6297
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    php53-5.3.17-79.2
SUSE Linux Enterprise Server 11-SP4 (src):    php53-5.3.17-79.2
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    php53-5.3.17-79.2

Comment 13 Swamp Workflow Management 2016-09-16 19:09:56 UTC

SUSE-SU-2016:2328-1: An update that fixes 18 vulnerabilities is now available.

Category: security (important)
Bug References: 987530,991426,991427,991428,991429,991430,991433,991437,997206,997207,997208,997210,997211,997220,997225,997230,997257
CVE References: CVE-2014-3587,CVE-2016-3587,CVE-2016-5399,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    php53-5.3.17-55.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    php53-5.3.17-55.1

Comment 14 Swamp Workflow Management 2016-09-28 13:11:06 UTC

SUSE-SU-2016:2408-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 987530,987580,988032,991422,991424,991426,991427,991428,991429,991430,991433,991434,991437,997206,997207,997208,997210,997211,997220,997225,997230,997248,997257
CVE References: CVE-2014-3587,CVE-2016-3587,CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7134
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php5-5.5.14-73.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-73.1

Comment 15 Swamp Workflow Management 2016-10-04 15:12:26 UTC

openSUSE-SU-2016:2451-1: An update that fixes 24 vulnerabilities is now available.

Category: security (important)
Bug References: 987530,987580,988032,991422,991424,991426,991427,991428,991429,991430,991433,991434,991437,997206,997207,997208,997210,997211,997220,997225,997230,997248,997257
CVE References: CVE-2014-3587,CVE-2016-3587,CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7134
Sources used:
openSUSE Leap 42.1 (src):    php5-5.5.14-59.1

Comment 16 Swamp Workflow Management 2016-10-05 19:10:03 UTC

SUSE-SU-2016:2460-1: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1001950,987580,988032,991422,991424,991426,991427,991428,991429,991430,991434,991437,995512,997206,997207,997208,997210,997211,997220,997225,997230,997247,997248,997257,999313,999679,999680,999684,999685,999819,999820
CVE References: CVE-2016-4473,CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7133,CVE-2016-7134,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php7-7.0.7-15.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-15.1

Comment 17 Marcus Meissner 2016-10-31 08:19:57 UTC

released

Comment 18 Swamp Workflow Management 2016-11-01 15:22:52 UTC

SUSE-SU-2016:2460-2: An update that solves 29 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1001950,987580,988032,991422,991424,991426,991427,991428,991429,991430,991434,991437,995512,997206,997207,997208,997210,997211,997220,997225,997230,997247,997248,997257,999313,999679,999680,999684,999685,999819,999820
CVE References: CVE-2016-4473,CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7133,CVE-2016-7134,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418
Sources used:
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-15.1

Comment 19 Swamp Workflow Management 2017-01-30 13:30:16 UTC

An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-02-13.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63367