Bug 986392 (CVE-2016-5770) - VUL-0: CVE-2016-5770: php5,php53: int/size_t confusion in SplFileObject::fread
Summary: VUL-0: CVE-2016-5770: php5,php53: int/size_t confusion in SplFileObject::fread
Status: RESOLVED FIXED
Alias: CVE-2016-5770
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/170462/
Whiteboard: CVSSv2:SUSE:CVE-2016-5770:4.4:(AV:L/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-24 10:34 UTC by Marcus Meissner
Modified: 2022-08-03 13:35 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
xx.php (134 bytes, text/plain)
2016-06-24 10:35 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-06-24 10:34:32 UTC 
http://seclists.org/oss-sec/2016/q2/589

    - SPL:
        Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)

    https://bugs.php.net/bug.php?id=72262
    http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba


Use CVE-2016-5770.
Comment 1 Marcus Meissner 2016-06-24 10:35:24 UTC 
Created attachment 682020 [details]
xx.php

QA REPRODUCER:

php xx.php
Segmentation fault
Comment 2 Swamp Workflow Management 2016-06-24 22:01:18 UTC 
bugbot adjusting priority
Comment 3 Petr Gajdos 2016-06-27 09:01:28 UTC 
12sp2/php7 does not segfault, even bails out after a second. The code is there, though and the check should not harm.

13.2/php5, 12/php5 affected.

11sp3/php53, 11/php5 do not have plFileObject::fread().

AFTER:

$ php xx.php
PHP Warning:  SplFileObject::fread(): Length parameter must be no more than 2147483647
$
Comment 4 Petr Gajdos 2016-06-29 08:44:06 UTC 
Packages submitted.
Comment 6 Bernhard Wiedemann 2016-06-29 10:01:00 UTC 
This is an autogenerated message for OBS integration:
This bug (986392) was mentioned in
https://build.opensuse.org/request/show/405425 13.2 / php5
Comment 8 Bernhard Wiedemann 2016-06-29 14:04:09 UTC 
This is an autogenerated message for OBS integration:
This bug (986392) was mentioned in
https://build.opensuse.org/request/show/405458 13.2 / php5
Comment 9 Swamp Workflow Management 2016-07-07 16:09:35 UTC 
openSUSE-SU-2016:1761-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 986004,986244,986246,986247,986386,986388,986391,986392,986393
CVE References: CVE-2015-8935,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772,CVE-2016-5773
Sources used:
openSUSE 13.2 (src):    php5-5.6.1-69.1
Comment 12 Swamp Workflow Management 2016-07-20 22:10:35 UTC 
SUSE-SU-2016:1842-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 986004,986244,986246,986386,986388,986391,986392,986393,988486
CVE References: CVE-2015-8935,CVE-2016-5385,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php5-5.5.14-68.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-68.1
Comment 13 Swamp Workflow Management 2016-08-01 03:10:21 UTC 
openSUSE-SU-2016:1922-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 986004,986244,986246,986386,986388,986391,986392,986393,988486
CVE References: CVE-2015-8935,CVE-2016-5385,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772
Sources used:
openSUSE Leap 42.1 (src):    php5-5.5.14-56.1
Comment 14 Marcus Meissner 2016-08-01 11:21:21 UTC 
released