Bug 986386 - (CVE-2016-5766) VUL-0: CVE-2016-5766: php5,php53: Integer Overflow in _gd2GetHeader() resulting in heap overflow
(CVE-2016-5766)
VUL-0: CVE-2016-5766: php5,php53: Integer Overflow in _gd2GetHeader() resulti...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/170460/
CVSSv2:SUSE:CVE-2016-5766:6.8:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-06-24 10:00 UTC by Marcus Meissner
Modified: 2017-10-26 05:47 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
bug72339.gd.bz2 (110 bytes, application/octet-stream)
2016-06-24 10:07 UTC, Marcus Meissner
Details
xx.php (44 bytes, text/plain)
2016-06-24 10:07 UTC, Marcus Meissner
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-06-24 10:00:10 UTC
http://seclists.org/oss-sec/2016/q2/589

    GD:
        Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in
        heap overflow). (Pierre)

    https://bugs.php.net/bug.php?id=72339
    http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac


Use CVE-2016-5766.
Comment 1 Petr Gajdos 2016-06-24 10:04:27 UTC
Note that you maybe should start to write also php7 as we are going to maintain it in 12sp2 and there is no room for version update anymore - Leonardo push it into QA.
Comment 2 Marcus Meissner 2016-06-24 10:07:12 UTC
Created attachment 682013 [details]
bug72339.gd.bz2

QA REPRODUCER:

download this file,
bunzip2 bug72339.gd.bz2

... continue in next comment ...
Comment 3 Marcus Meissner 2016-06-24 10:07:39 UTC
Created attachment 682014 [details]
xx.php

QA REPRODUCER:

php xx.php


will crash with the supplied gd file.
Comment 4 Marcus Meissner 2016-06-24 10:09:38 UTC
hmm yes.

you can still push a minor version update for php7 currently, as QA has not started testing it yet.
Comment 5 Swamp Workflow Management 2016-06-24 22:00:44 UTC
bugbot adjusting priority
Comment 6 Petr Gajdos 2016-06-27 15:17:48 UTC
Segfaults for 12sp2/php7 down to 11/php5.
Comment 7 Petr Gajdos 2016-06-29 08:43:02 UTC
Packages submitted.
Comment 9 Bernhard Wiedemann 2016-06-29 10:00:43 UTC
This is an autogenerated message for OBS integration:
This bug (986386) was mentioned in
https://build.opensuse.org/request/show/405425 13.2 / php5
Comment 11 Bernhard Wiedemann 2016-06-29 14:03:17 UTC
This is an autogenerated message for OBS integration:
This bug (986386) was mentioned in
https://build.opensuse.org/request/show/405458 13.2 / php5
Comment 12 Swamp Workflow Management 2016-07-07 16:09:07 UTC
openSUSE-SU-2016:1761-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 986004,986244,986246,986247,986386,986388,986391,986392,986393
CVE References: CVE-2015-8935,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772,CVE-2016-5773
Sources used:
openSUSE 13.2 (src):    php5-5.6.1-69.1
Comment 15 Swamp Workflow Management 2016-07-20 22:10:04 UTC
SUSE-SU-2016:1842-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 986004,986244,986246,986386,986388,986391,986392,986393,988486
CVE References: CVE-2015-8935,CVE-2016-5385,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php5-5.5.14-68.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-68.1
Comment 16 Swamp Workflow Management 2016-08-01 03:09:53 UTC
openSUSE-SU-2016:1922-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 986004,986244,986246,986386,986388,986391,986392,986393,988486
CVE References: CVE-2015-8935,CVE-2016-5385,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772
Sources used:
openSUSE Leap 42.1 (src):    php5-5.5.14-56.1
Comment 19 Swamp Workflow Management 2016-08-09 15:38:25 UTC
SUSE-SU-2016:2013-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 986004,986244,986386,986388,986393
CVE References: CVE-2015-8935,CVE-2016-5766,CVE-2016-5767,CVE-2016-5769,CVE-2016-5772
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    php53-5.3.17-74.1
SUSE Linux Enterprise Server 11-SP4 (src):    php53-5.3.17-74.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    php53-5.3.17-74.1
Comment 20 Sebastian Krahmer 2016-08-10 10:03:28 UTC
CVSSv2:SUSE:CVE-2016-5766:6.8:(AV:N/AC:M/Au:N/C:P/I:P/A:P)
Comment 21 Swamp Workflow Management 2016-08-16 11:10:31 UTC
SUSE-SU-2016:2080-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 986004,986244,986386,986388,986393,991426,991427,991428,991429,991430,991433,991437
CVE References: CVE-2015-8935,CVE-2016-5399,CVE-2016-5766,CVE-2016-5767,CVE-2016-5769,CVE-2016-5772,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6296,CVE-2016-6297
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    php5-5.2.14-0.7.30.89.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    php5-5.2.14-0.7.30.89.1
Comment 23 Petr Gajdos 2017-08-08 11:10:55 UTC
http://git.php.net/?p=php-src.git;a=commit;h=5f107ab8a66f8b36ac0c0b32e0231bf94e083c94

This is also needed to not use unitialized variable.
Comment 24 Petr Gajdos 2017-08-08 11:37:09 UTC
Packages submitted for: 12/php7, 12/php5, 11sp3/php53, 11/php5 and 10sp3/php5.
Comment 28 Swamp Workflow Management 2017-08-30 17:32:41 UTC
SUSE-SU-2017:2303-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1047454,1048094,1048096,1048100,1048111,1048112,1050241,1050726,1052389,1053645,986386
CVE References: CVE-2016-10397,CVE-2016-5766,CVE-2017-11142,CVE-2017-11144,CVE-2017-11145,CVE-2017-11146,CVE-2017-11147,CVE-2017-11628,CVE-2017-7890
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    php7-7.0.7-50.9.2
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    php7-7.0.7-50.9.2
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-50.9.2
Comment 29 Swamp Workflow Management 2017-09-01 01:08:36 UTC
SUSE-SU-2017:2317-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047454,1048094,1048096,1048097,1048111,1048112,1050241,1050726,986386
CVE References: CVE-2016-10397,CVE-2016-5766,CVE-2017-11143,CVE-2017-11144,CVE-2017-11145,CVE-2017-11146,CVE-2017-11147,CVE-2017-11628,CVE-2017-7890
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    php5-5.5.14-109.5.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    php5-5.5.14-109.5.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-109.5.1
Comment 30 Swamp Workflow Management 2017-09-04 10:09:28 UTC
openSUSE-SU-2017:2337-1: An update that solves 9 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1047454,1048094,1048096,1048100,1048111,1048112,1050241,1050726,1052389,1053645,986386
CVE References: CVE-2016-10397,CVE-2016-5766,CVE-2017-11142,CVE-2017-11144,CVE-2017-11145,CVE-2017-11146,CVE-2017-11147,CVE-2017-11628,CVE-2017-7890
Sources used:
openSUSE Leap 42.3 (src):    php7-7.0.7-19.1
openSUSE Leap 42.2 (src):    php7-7.0.7-14.9.1
Comment 32 Swamp Workflow Management 2017-09-06 01:11:15 UTC
openSUSE-SU-2017:2366-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047454,1048094,1048096,1048097,1048111,1048112,1050241,1050726,986386
CVE References: CVE-2016-10397,CVE-2016-5766,CVE-2017-11143,CVE-2017-11144,CVE-2017-11145,CVE-2017-11146,CVE-2017-11147,CVE-2017-11628,CVE-2017-7890
Sources used:
openSUSE Leap 42.3 (src):    php5-5.5.14-82.1
openSUSE Leap 42.2 (src):    php5-5.5.14-77.9.1
Comment 33 Swamp Workflow Management 2017-09-18 16:12:40 UTC
SUSE-SU-2017:2522-1: An update that fixes 10 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1047454,1048094,1048096,1048111,1048112,1050241,1050726,1054430,986386
CVE References: CVE-2016-10168,CVE-2016-10397,CVE-2016-5766,CVE-2017-11144,CVE-2017-11145,CVE-2017-11146,CVE-2017-11147,CVE-2017-11628,CVE-2017-12933,CVE-2017-7890
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    php53-5.3.17-112.5.1
SUSE Linux Enterprise Server 11-SP4 (src):    php53-5.3.17-112.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    php53-5.3.17-112.5.1
Comment 34 Marcus Meissner 2017-10-26 05:47:34 UTC
released