| Bug ID | 1015191 |
|---|---|
| Summary | VUL-0: CVE-2016-9936: php: Use After Free in PHP7 unserialize() |
| Classification | openSUSE |
| Product | openSUSE Distribution |
| Version | Leap 42.2 |
| Hardware | Other |
| OS | Other |
| Status | NEW |
| Severity | Normal |
| Priority | P5 - None |
| Component | Security |
| Assignee | security-team@suse.de |
| Reporter | mikhail.kasimov@gmail.com |
| QA Contact | qa-bugs@suse.de |
| Found By | --- |
| Blocker | --- |
Reference: http://seclists.org/oss-sec/2016/q4/658 =================================================== Fixed in PHP 7.0.14 and 7.1.0: Bug #72978 Use After Free in PHP7 unserialize() https://bugs.php.net/bug.php?id=72978 https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17 Use CVE-2016-9936. The b2af4e8868726a040234de113436c6e4f6372d17 commit message is "Complete the fix of bug #70172 for PHP 7." Because 70172 is referenced by CVE-2015-6834, it is possible to say that CVE-2016-9936 exists because of an incomplete fix for CVE-2015-6834. ===================================================