Bug 986244 (CVE-2016-5772) - VUL-0: CVE-2016-5772: php5,php53: Double Free Courruption in wddx_deserialize
Summary: VUL-0: CVE-2016-5772: php5,php53: Double Free Courruption in wddx_deserialize
Status: RESOLVED FIXED
Alias: CVE-2016-5772
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/170466/
Whiteboard: CVSSv2:SUSE:CVE-2016-5772:6.8:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-06-23 13:35 UTC by Marcus Meissner
Modified: 2016-08-30 10:19 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
xx.php (395 bytes, text/plain)
2016-06-24 10:11 UTC, Marcus Meissner 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2016-06-23 13:35:03 UTC 
http://seclists.org/oss-sec/2016/q2/589

- WDDX:
        Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)

    https://bugs.php.net/bug.php?id=72340
    http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c


Use CVE-2016-5772.
Comment 1 Swamp Workflow Management 2016-06-23 22:00:14 UTC 
bugbot adjusting priority
Comment 2 Marcus Meissner 2016-06-24 10:11:18 UTC 
Created attachment 682015 [details]
xx.php

QA REPRODUCER:

php xx.php

segmentation fault
Comment 3 Petr Gajdos 2016-06-27 07:14:49 UTC 
Both 12sp2/php7 and 11/php5 produce the segfault.
Comment 4 Petr Gajdos 2016-06-27 08:04:05 UTC 
Fixed everywhere.
Comment 5 Petr Gajdos 2016-06-29 08:42:01 UTC 
Packages submitted.
Comment 7 Bernhard Wiedemann 2016-06-29 10:00:27 UTC 
This is an autogenerated message for OBS integration:
This bug (986244) was mentioned in
https://build.opensuse.org/request/show/405425 13.2 / php5
Comment 8 Bernhard Wiedemann 2016-06-29 14:02:48 UTC 
This is an autogenerated message for OBS integration:
This bug (986244) was mentioned in
https://build.opensuse.org/request/show/405458 13.2 / php5
Comment 10 Swamp Workflow Management 2016-07-07 16:08:40 UTC 
openSUSE-SU-2016:1761-1: An update that fixes 9 vulnerabilities is now available.

Category: security (important)
Bug References: 986004,986244,986246,986247,986386,986388,986391,986392,986393
CVE References: CVE-2015-8935,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772,CVE-2016-5773
Sources used:
openSUSE 13.2 (src):    php5-5.6.1-69.1
Comment 13 Swamp Workflow Management 2016-07-20 22:09:39 UTC 
SUSE-SU-2016:1842-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 986004,986244,986246,986386,986388,986391,986392,986393,988486
CVE References: CVE-2015-8935,CVE-2016-5385,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    php5-5.5.14-68.1
SUSE Linux Enterprise Module for Web Scripting 12 (src):    php5-5.5.14-68.1
Comment 14 Swamp Workflow Management 2016-08-01 03:09:36 UTC 
openSUSE-SU-2016:1922-1: An update that fixes 9 vulnerabilities is now available.

Category: security (moderate)
Bug References: 986004,986244,986246,986386,986388,986391,986392,986393,988486
CVE References: CVE-2015-8935,CVE-2016-5385,CVE-2016-5766,CVE-2016-5767,CVE-2016-5768,CVE-2016-5769,CVE-2016-5770,CVE-2016-5771,CVE-2016-5772
Sources used:
openSUSE Leap 42.1 (src):    php5-5.5.14-56.1
Comment 15 Marcus Meissner 2016-08-01 10:00:37 UTC 
all released
Comment 18 Swamp Workflow Management 2016-08-09 15:38:16 UTC 
SUSE-SU-2016:2013-1: An update that fixes 5 vulnerabilities is now available.

Category: security (important)
Bug References: 986004,986244,986386,986388,986393
CVE References: CVE-2015-8935,CVE-2016-5766,CVE-2016-5767,CVE-2016-5769,CVE-2016-5772
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    php53-5.3.17-74.1
SUSE Linux Enterprise Server 11-SP4 (src):    php53-5.3.17-74.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    php53-5.3.17-74.1
Comment 19 Swamp Workflow Management 2016-08-16 11:10:22 UTC 
SUSE-SU-2016:2080-1: An update that fixes 12 vulnerabilities is now available.

Category: security (important)
Bug References: 986004,986244,986386,986388,986393,991426,991427,991428,991429,991430,991433,991437
CVE References: CVE-2015-8935,CVE-2016-5399,CVE-2016-5766,CVE-2016-5767,CVE-2016-5769,CVE-2016-5772,CVE-2016-6288,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6296,CVE-2016-6297
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    php5-5.2.14-0.7.30.89.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    php5-5.2.14-0.7.30.89.1