Bug 1069606 - (CVE-2017-9228) VUL-0: CVE-2017-9228: php5,php53,php7: heap out-of-bounds write occurs in bitset_set_range() during regex compilation
(CVE-2017-9228)
VUL-0: CVE-2017-9228: php5,php53,php7: heap out-of-bounds write occurs in bi...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv3:SUSE:CVE-2017-9228:6.4:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-11-23 12:31 UTC by Marcus Meissner
Modified: 2018-02-12 21:11 UTC (History)
0 users

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2017-11-23 12:31:23 UTC
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9228

An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby
through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write
occurs in bitset_set_range() during regular expression compilation due to an
uninitialized variable from an incorrect state transition. An incorrect state
transition in parse_char_class() could create an execution path that leaves a
critical local variable uninitialized until it's used as an index, resulting in
an out-of-bounds write memory corruption.
Comment 1 Marcus Meissner 2017-11-23 12:33:28 UTC
https://github.com/kkos/oniguruma/issues/60
Comment 2 Petr Gajdos 2017-11-27 08:47:11 UTC
php commit (7.2.0)
https://github.com/php/php-src/commit/1c845d295037702d63097e2216b3c5db53f79273
Comment 4 Swamp Workflow Management 2017-11-29 15:24:04 UTC
An update workflow for this issue was started.
This issue was rated as moderate.
Please submit fixed packages until 2017-12-13.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63910
Comment 5 Swamp Workflow Management 2017-12-07 20:14:47 UTC
SUSE-SU-2017:3237-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1063815,1067441,1069606,1069631
CVE References: CVE-2017-16642,CVE-2017-9228,CVE-2017-9229
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    php7-7.0.7-50.23.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    php7-7.0.7-50.23.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php7-7.0.7-50.23.1
Comment 6 Swamp Workflow Management 2017-12-08 11:12:10 UTC
openSUSE-SU-2017:3240-1: An update that solves three vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1063815,1067441,1069606,1069631
CVE References: CVE-2017-16642,CVE-2017-9228,CVE-2017-9229
Sources used:
openSUSE Leap 42.3 (src):    php7-7.0.7-25.1
openSUSE Leap 42.2 (src):    php7-7.0.7-14.15.1
Comment 7 Swamp Workflow Management 2017-12-13 20:09:25 UTC
SUSE-SU-2017:3277-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1067090,1067441,1069606,1069631
CVE References: CVE-2017-16642,CVE-2017-4025,CVE-2017-9228,CVE-2017-9229
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    php5-5.5.14-109.13.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    php5-5.5.14-109.13.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-109.13.1
Comment 8 Swamp Workflow Management 2017-12-14 23:10:04 UTC
openSUSE-SU-2017:3329-1: An update that fixes four vulnerabilities is now available.

Category: security (moderate)
Bug References: 1067090,1067441,1069606,1069631
CVE References: CVE-2017-16642,CVE-2017-4025,CVE-2017-9228,CVE-2017-9229
Sources used:
openSUSE Leap 42.3 (src):    php5-5.5.14-88.1
openSUSE Leap 42.2 (src):    php5-5.5.14-77.15.1
Comment 9 Swamp Workflow Management 2018-01-02 11:11:23 UTC
SUSE-SU-2018:0003-1: An update that fixes three vulnerabilities is now available.

Category: security (moderate)
Bug References: 1067441,1069606,1069631
CVE References: CVE-2017-16642,CVE-2017-9228,CVE-2017-9229
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    php53-5.3.17-112.10.1
SUSE Linux Enterprise Server 11-SP4 (src):    php53-5.3.17-112.10.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    php53-5.3.17-112.10.1
Comment 10 Marcus Meissner 2018-02-12 21:11:26 UTC
released