Bug 1351168 (CVE-2016-5768)
Summary: | CVE-2016-5768 php: Double free in _php_mb_regex_ereg_replace_exec | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | abhgupta, dmcphers, fedora, hhorak, jialiu, jokerman, jorton, lmeyer, mmccomas, rcollet, tiwillia, webstack-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | php 5.5.37, php 5.6.23 | Doc Type: | If docs needed, set a value |
Doc Text: |
A double free flaw was found in the mb_ereg_replace_callback() function of php which is used to perform regex search. This flaw could possibly cause a PHP application to crash.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 02:56:04 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1351180, 1356812 | ||
Bug Blocks: | 1323912, 1351183 |
Description
Andrej Nemec
2016-06-29 11:49:33 UTC
Created php tracking bugs for this issue: Affects: fedora-all [bug 1351180] php-5.6.23-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report. php-5.6.23-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report. php-5.6.23-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. Analysis: mb_ereg_replace_callback() is used to perform a regex search, the matched text is them replaced by output of the callback function. Script authors need to provide the callback function as the input to the function. In case the callback execution fails, (Most likely when the script author did not provide a proper callback), then a double-free takes places, causing php application crash. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:2598 https://rhn.redhat.com/errata/RHSA-2016-2598.html This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 6 Red Hat Software Collections for Red Hat Enterprise Linux 6.7 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.2 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.3 EUS Via RHSA-2016:2750 https://rhn.redhat.com/errata/RHSA-2016-2750.html |