Bug 1471827 - (CVE-2017-11144) CVE-2017-11144 php: Incorrect return value check of OpenSSL sealing function leads to crash
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
impact=moderate,public=20170525,repor...
: Security
Depends On: 1471856
Blocks: 1471847
Reported: 2017-07-17 10:02 EDT by Adam Mariš
Modified: 2017-07-18 08:44 EDT
Fixed In Version: php 5.6.31, php 7.0.21, php 7.1.7
Description Adam Mariš 2017-07-17 10:02:38 EDT
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the
openssl extension PEM sealing code did not check the return value of
the OpenSSL sealing function, which could lead to a crash of the PHP
interpreter, related to an interpretation conflict for a negative
number in ext/openssl/openssl.c, and an OpenSSL documentation omission.

Upstream bug:

https://bugs.php.net/bug.php?id=74651

Upstream patch:

http://git.php.net/?p=php-src.git;a=commit;h=89637c6b41b510c20d262c17483f582f115c66d6
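
The class of bug the description names, a negative return value slipping past a check that only treats zero as failure, modelled as an added example (not code from PHP, OpenSSL or this report). `seal_init`, `seal_ctx` and the return convention (positive on success, 0 on failure, negative on error) are hypothetical stand-ins, and the sample key arrays are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a sealing "init" call (not OpenSSL itself).
 * Assumed convention: >0 = recipients sealed, 0 = failure, <0 = error. */
typedef struct { int ready; unsigned char key[16]; } seal_ctx;

static int seal_init(seal_ctx *ctx, const int *key_usable, int nkeys) {
    ctx->ready = 0;
    if (nkeys <= 0) return 0;                 /* nothing to seal to */
    for (int i = 0; i < nkeys; i++)
        if (!key_usable[i]) return -1;        /* error path: ctx never set up */
    memset(ctx->key, 0xA5, sizeof ctx->key);
    ctx->ready = 1;
    return nkeys;
}

enum outcome { SEALED, REJECTED, USED_UNINITIALIZED_CTX };

/* A real "update" step would dereference ctx state; this one only reports
 * whether that state exists, so the example itself does not crash. */
static enum outcome seal_update(const seal_ctx *ctx) {
    return ctx->ready ? SEALED : USED_UNINITIALIZED_CTX;
}

/* Weak check: only 0 counts as failure, so -1 is read as success. */
enum outcome seal_truthiness_check(const int *key_usable, int nkeys) {
    seal_ctx ctx;
    if (!seal_init(&ctx, key_usable, nkeys)) return REJECTED;
    return seal_update(&ctx);
}

/* Hardened check: anything that is not a positive count is a failure. */
enum outcome seal_strict_check(const int *key_usable, int nkeys) {
    seal_ctx ctx;
    if (seal_init(&ctx, key_usable, nkeys) <= 0) return REJECTED;
    return seal_update(&ctx);
}

/* Constructed sample inputs: 1 = usable recipient key, 0 = unusable. */
static const int GOOD_KEYS[] = {1, 1};
static const int BAD_KEYS[]  = {1, 0};

int main(void) {
    printf("weak check, bad key:   %d\n", seal_truthiness_check(BAD_KEYS, 2));
    printf("strict check, bad key: %d\n", seal_strict_check(BAD_KEYS, 2));
    return 0;
}
```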
Comment 1 Martin Prpič 2017-07-17 10:34:41 EDT
Created php tracking bugs for this issue:

Affects: fedora-all [bug 1471856]