[ubuntu/trusty-security] php5 5.5.9+dfsg-1ubuntu4.25 (Accepted)
Marc Deslauriers
marc.deslauriers at canonical.com
Mon May 14 13:44:15 UTC 2018
php5 (5.5.9+dfsg-1ubuntu4.25) trusty-security; urgency=medium

  * SECURITY UPDATE: opcache access controls bypass
    - debian/patches/CVE-2018-10545.patch: do not set PR_SET_DUMPABLE by
      default in sapi/fpm/fpm/fpm_conf.c, sapi/fpm/fpm/fpm_conf.h,
      sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
    - CVE-2018-10545
  * SECURITY UPDATE: infinite loop in iconv stream filter
    - debian/patches/CVE-2018-10546-1.patch: fail on invalid sequences in
      ext/iconv/iconv.c, ext/iconv/tests/bug76249.phpt.
    - debian/patches/CVE-2018-10546-2.patch: fix tsrm_ls in
      ext/iconv/iconv.c.
    - CVE-2018-10546
  * SECURITY UPDATE: XSS on PHAR error pages
    - debian/patches/CVE-2018-10547.patch: remove potential unfiltered
      outputs in ext/phar/phar_object.c, fix tests in ext/phar/tests/*.
    - CVE-2018-10547
  * SECURITY UPDATE: DoS via ldap_get_dn return value mishandling
    - debian/patches/CVE-2018-10548.patch: check dn in ext/ldap/ldap.c,
      add test to ext/ldap/tests/bug76248.phpt.
    - CVE-2018-10548

Date: 2018-05-10 14:29:52.763146+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.25