[ubuntu/trusty-security] php5 5.5.9+dfsg-1ubuntu4.25 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Mon May 14 13:44:15 UTC 2018

php5 (5.5.9+dfsg-1ubuntu4.25) trusty-security; urgency=medium

  * SECURITY UPDATE: opcache access controls bypass
    - debian/patches/CVE-2018-10545.patch: do not set PR_SET_DUMPABLE by
      default in sapi/fpm/fpm/fpm_conf.c, sapi/fpm/fpm/fpm_conf.h,
      sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
    - CVE-2018-10545
  * SECURITY UPDATE: infinite loop in iconv stream filter
    - debian/patches/CVE-2018-10546-1.patch: fail on invalid sequences in
      ext/iconv/iconv.c, ext/iconv/tests/bug76249.phpt.
    - debian/patches/CVE-2018-10546-2.patch: fix tsrm_ls in
    - CVE-2018-10546
  * SECURITY UPDATE: XSS on PHAR error pages
    - debian/patches/CVE-2018-10547.patch: remove potential unfiltered
      outputs in ext/phar/phar_object.c, fix tests in ext/phar/tests/*.
    - CVE-2018-10547
  * SECURITY UPDATE: DoS via ldap_get_dn return value mishandling
    - debian/patches/CVE-2018-10548.patch: check dn in ext/ldap/ldap.c,
      add test to ext/ldap/tests/bug76248.phpt.
    - CVE-2018-10548

Date: 2018-05-10 14:29:52.763146+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>