Bug 1015189 - (CVE-2016-9935) VUL-0: CVE-2016-9935: php5,php53,php7: Invalid read when wddx decodes empty boolean element
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium, Severity: Normal
Assigned To: Security Team bot
CVSSv2:SUSE:CVE-2016-9935:1.5:(AV:L/A...
Reported: 2016-12-12 18:22 UTC by Mikhail Kasimov
Modified: 2017-09-20 06:35 UTC (History)

Attachments
CVE-2016-9935.php (203 bytes, text/plain)
2016-12-13 16:10 UTC, Marcus Meissner

Description Mikhail Kasimov 2016-12-12 18:22:35 UTC
Reference: http://seclists.org/oss-sec/2016/q4/658
===================================================
    Fixed in PHP 5.6.29 and 7.0.14:
    Bug #73631    Invalid read when wddx decodes empty boolean element
    https://bugs.php.net/bug.php?id=73631
    https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0


Use CVE-2016-9935.

===================================================
Comment 1 Swamp Workflow Management 2016-12-12 23:02:39 UTC
bugbot adjusting priority
Comment 2 Marcus Meissner 2016-12-13 16:10:58 UTC
Created attachment 706293
CVE-2016-9935.php

QA REPRODUCER:

php CVE-2016-9935.php

should not segfault.
Comment 3 Marcus Meissner 2016-12-13 16:14:53 UTC
php53 also crashes, assuming all affected.
Comment 4 Petr Gajdos 2016-12-14 12:04:39 UTC
Yes, crashes from php7 to 10sp3/php5.
Comment 5 Petr Gajdos 2016-12-14 13:45:37 UTC
All affected down to 11/php5.

AFTER

$ php test.php

float(2261634.5098039)
$
Comment 6 Petr Gajdos 2016-12-14 19:06:59 UTC
Packages submitted.
Comment 8 Bernhard Wiedemann 2016-12-14 21:00:50 UTC
This is an autogenerated message for OBS integration:
This bug (1015189) was mentioned in
https://build.opensuse.org/request/show/445958 13.2 / php5
Comment 9 Swamp Workflow Management 2016-12-19 14:38:20 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-01-02.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63304
Comment 10 Swamp Workflow Management 2016-12-22 14:17:00 UTC
openSUSE-SU-2016:3239-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1015187,1015188,1015189
CVE References: CVE-2016-9933,CVE-2016-9934,CVE-2016-9935
Sources used:
openSUSE 13.2 (src):    php5-5.6.1-89.1
Comment 12 Swamp Workflow Management 2017-01-04 14:08:10 UTC
SUSE-SU-2017:0017-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1015187,1015188,1015189,1015191
CVE References: CVE-2016-9933,CVE-2016-9934,CVE-2016-9935,CVE-2016-9936
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    php7-7.0.7-28.2
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php7-7.0.7-28.2
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-28.2
Comment 13 Swamp Workflow Management 2017-01-05 18:08:55 UTC
SUSE-SU-2017:0038-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1015187,1015188,1015189
CVE References: CVE-2016-9933,CVE-2016-9934,CVE-2016-9935
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    php5-5.5.14-89.2
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php5-5.5.14-89.2
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-89.2
Comment 14 Swamp Workflow Management 2017-01-08 00:22:15 UTC
openSUSE-SU-2017:0081-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1015187,1015188,1015189
CVE References: CVE-2016-9933,CVE-2016-9934,CVE-2016-9935
Sources used:
openSUSE Leap 42.2 (src):    php5-5.5.14-72.1
openSUSE Leap 42.1 (src):    php5-5.5.14-71.1
Comment 15 Swamp Workflow Management 2017-01-11 20:09:41 UTC
SUSE-SU-2017:0109-1: An update that solves four vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1012232,1015187,1015188,1015189,974305
CVE References: CVE-2014-9912,CVE-2016-9933,CVE-2016-9934,CVE-2016-9935
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    php53-5.3.17-94.1
SUSE Linux Enterprise Server 11-SP4 (src):    php53-5.3.17-94.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    php53-5.3.17-94.1
Comment 17 Swamp Workflow Management 2017-01-30 13:27:13 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-02-13.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63367
Comment 19 Swamp Workflow Management 2017-03-03 17:09:01 UTC
openSUSE-SU-2017:0598-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1015187,1015188,1015189
CVE References: CVE-2016-9933,CVE-2016-9934,CVE-2016-9935
Sources used:
openSUSE Leap 42.2 (src):    php5-5.5.14-75.2
openSUSE Leap 42.1 (src):    php5-5.5.14-75.1
Comment 21 Marcus Meissner 2017-06-15 20:09:08 UTC
released