Bug 986246 (CVE-2016-5768) - VUL-0: CVE-2016-5768: php5,php53: _php_mb_regex_ereg_replace_exec - double free
Summary: VUL-0: CVE-2016-5768: php5,php53: _php_mb_regex_ereg_replace_exec - double free
Status: RESOLVED FIXED
Alias: CVE-2016-5768
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/170463/
Whiteboard: CVSSv2:SUSE:CVE-2016-5768:4.4:(AV:L/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-23 13:37 UTC by Marcus Meissner
Modified: 2022-08-03 13:35 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
xx.php (175 bytes, application/x-php)
2016-06-24 09:53 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-06-23 13:37:48 UTC 
http://seclists.org/oss-sec/2016/q2/589

    - mbstring:
         Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (Stas)

    https://bugs.php.net/bug.php?id=72402
    http://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62


Use CVE-2016-5768.
Comment 1 Swamp Workflow Management 2016-06-23 22:00:25 UTC 
bugbot adjusting priority
Comment 2 Marcus Meissner 2016-06-24 09:53:02 UTC 
Created attachment 682010 [details]
xx.php

QA REPRODUCER:

php xx.php

segmentation ffault
Comment 3 Marcus Meissner 2016-06-24 09:56:04 UTC 
php53 does not seem to have the callback, sle12 php5 does
Comment 4 Petr Gajdos 2016-06-27 07:04:23 UTC 
Fixed in 13.2/php5 and 12/php5. 12sp2/php7 considering not to be affected (testcase does not work and code looks different.)
Comment 5 Petr Gajdos 2016-06-29 08:42:30 UTC 
Packages submitted.
Comment 6 Bernhard Wiedemann 2016-06-29 14:02:58 UTC 
This is an autogenerated message for OBS integration:
This bug (986246) was mentioned in
https://build.opensuse.org/request/show/405458 13.2 / php5
Comment 8 Swamp Workflow Management 2016-07-07 16:08:50 UTC 
openSUSE-SU-2016:1761-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 986004,986244,986246,986247,986386,986388,986391,986392,986393
CVE References: CVE-2015-8935,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772,CVE-2016-5773
Sources used:
openSUSE 13.2 (src):    php5-5.6.1-69.1
Comment 11 Swamp Workflow Management 2016-07-20 22:09:53 UTC 
SUSE-SU-2016:1842-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 986004,986244,986246,986386,986388,986391,986392,986393,988486
CVE References: CVE-2015-8935,CVE-2016-5385,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php5-5.5.14-68.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-68.1
Comment 12 Swamp Workflow Management 2016-08-01 03:09:45 UTC 
openSUSE-SU-2016:1922-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 986004,986244,986246,986386,986388,986391,986392,986393,988486
CVE References: CVE-2015-8935,CVE-2016-5385,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772
Sources used:
openSUSE Leap 42.1 (src):    php5-5.5.14-56.1
Comment 13 Marcus Meissner 2016-08-01 10:04:12 UTC 
all released