Bugzilla – Bug 999680
VUL-0: CVE-2016-7412: php5, php7: Heap overflow in mysqlnd when not receiving UNSIGNED_FLAG in BIT field
Last modified: 2019-06-16 14:37:42 UTC
rh#1377311 Heap overflow vulnerability was found in mysqlnd which can be triggered by malicious server or MITM by not supplementing UNSIGNED_FLAG in BIT field in php_mysqlnd_rowp_read_text_protocol_aux. Upstream bug: https://bugs.php.net/bug.php?id=72293 Upstream patch: https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1 References: https://bugzilla.redhat.com/show_bug.cgi?id=1377311 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7412 http://seclists.org/oss-sec/2016/q3/518 http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-7412.html http://www.cvedetails.com/cve/CVE-2016-7412/
bugbot adjusting priority
Test script: --------------- <?php /* Please setup the following database/table: CREATE DATABASE php; USE php; CREATE TABLE `php` (`moo` bit(8) DEFAULT NULL ) ENGINE=InnoDB DEFAULT CHARSET=latin1; INSERT INTO `php` VALUES (0x81); # -127 when signed */ $link = mysqli_connect('127.0.0.1', 'root', '', 'php'); if (!$link) die("Cannot connect"); $s = str_repeat("moo,", 60000); /* can play with this value a bit to see different corruption */ $result = mysqli_query($link, "SELECT $s 1 FROM php"); while($row = mysqli_fetch_row($result)) { $v = print_r($row, true); /* just to exercise heap */}; mysqli_close($link); ?>
Patch applies to all relevant versions php7 .. php53. php 5.2 is not affected. To whomever who would like to really test it, please read description of the bug carefully (until end).
This is an autogenerated message for OBS integration: This bug (999680) was mentioned in https://build.opensuse.org/request/show/429748 13.2 / php5 https://build.opensuse.org/request/show/429753 13.2 / php5
I believe all fixed.
openSUSE-SU-2016:2444-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 999679,999680,999682,999684,999685,999819,999820 CVE References: CVE-2016-7411,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418 Sources used: openSUSE 13.2 (src): php5-5.6.1-78.1
SUSE-SU-2016:2459-1: An update that fixes 16 vulnerabilities is now available. Category: security (important) Bug References: 997206,997207,997208,997210,997211,997220,997225,997230,997257,999679,999680,999682,999684,999685,999819,999820 CVE References: CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7411,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418 Sources used: SUSE OpenStack Cloud 5 (src): php53-5.3.17-84.1 SUSE Manager Proxy 2.1 (src): php53-5.3.17-84.1 SUSE Manager 2.1 (src): php53-5.3.17-84.1 SUSE Linux Enterprise Software Development Kit 11-SP4 (src): php53-5.3.17-84.1 SUSE Linux Enterprise Server 11-SP4 (src): php53-5.3.17-84.1 SUSE Linux Enterprise Server 11-SP3-LTSS (src): php53-5.3.17-84.1 SUSE Linux Enterprise Point of Sale 11-SP3 (src): php53-5.3.17-84.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): php53-5.3.17-84.1 SUSE Linux Enterprise Debuginfo 11-SP3 (src): php53-5.3.17-84.1
SUSE-SU-2016:2460-1: An update that solves 29 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1001950,987580,988032,991422,991424,991426,991427,991428,991429,991430,991434,991437,995512,997206,997207,997208,997210,997211,997220,997225,997230,997247,997248,997257,999313,999679,999680,999684,999685,999819,999820 CVE References: CVE-2016-4473,CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7133,CVE-2016-7134,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): php7-7.0.7-15.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): php7-7.0.7-15.1
SUSE-SU-2016:2461-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 999679,999680,999682,999684,999685,999819,999820 CVE References: CVE-2016-7411,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418 Sources used: SUSE Linux Enterprise Server 11-SP2-LTSS (src): php53-5.3.17-58.1 SUSE Linux Enterprise Debuginfo 11-SP2 (src): php53-5.3.17-58.1
SUSE-SU-2016:2477-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 999679,999680,999682,999684,999685,999819,999820 CVE References: CVE-2016-7411,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418 Sources used: SUSE Linux Enterprise Software Development Kit 12-SP1 (src): php5-5.5.14-78.1 SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-78.1
openSUSE-SU-2016:2540-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 999679,999680,999682,999684,999685,999819,999820 CVE References: CVE-2016-7411,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418 Sources used: openSUSE Leap 42.1 (src): php5-5.5.14-62.1
released
SUSE-SU-2016:2477-2: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 999679,999680,999682,999684,999685,999819,999820 CVE References: CVE-2016-7411,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418 Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): php5-5.5.14-78.1
SUSE-SU-2016:2460-2: An update that solves 29 vulnerabilities and has two fixes is now available. Category: security (important) Bug References: 1001950,987580,988032,991422,991424,991426,991427,991428,991429,991430,991434,991437,995512,997206,997207,997208,997210,997211,997220,997225,997230,997247,997248,997257,999313,999679,999680,999684,999685,999819,999820 CVE References: CVE-2016-4473,CVE-2016-5399,CVE-2016-6128,CVE-2016-6161,CVE-2016-6207,CVE-2016-6289,CVE-2016-6290,CVE-2016-6291,CVE-2016-6292,CVE-2016-6295,CVE-2016-6296,CVE-2016-6297,CVE-2016-7124,CVE-2016-7125,CVE-2016-7126,CVE-2016-7127,CVE-2016-7128,CVE-2016-7129,CVE-2016-7130,CVE-2016-7131,CVE-2016-7132,CVE-2016-7133,CVE-2016-7134,CVE-2016-7412,CVE-2016-7413,CVE-2016-7414,CVE-2016-7416,CVE-2016-7417,CVE-2016-7418 Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): php7-7.0.7-15.1