Bug 1471827 - (CVE-2017-11144) CVE-2017-11144 php: Incorrect return value check of OpenSSL sealing function leads to crash
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
: Security
Depends On: 1471856
Blocks: 1471847
Reported: 2017-07-17 10:02 EDT by Adam Mariš
Modified: 2017-07-18 08:44 EDT
Fixed In Version: php 5.6.31, php 7.0.21, php 7.1.7
Description Adam Mariš 2017-07-17 10:02:38 EDT
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the
openssl extension PEM sealing code did not check the return value of
the OpenSSL sealing function, which could lead to a crash of the PHP
interpreter, related to an interpretation conflict for a negative
number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

Upstream bug:


Upstream patch:

Comment 1 Martin Prpič 2017-07-17 10:34:41 EDT
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1471856]
