[ubuntu/trusty-updates] php5 5.5.9+dfsg-1ubuntu4.25 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Mon May 14 14:28:31 UTC 2018


php5 (5.5.9+dfsg-1ubuntu4.25) trusty-security; urgency=medium

  * SECURITY UPDATE: opcache access controls bypass
    - debian/patches/CVE-2018-10545.patch: do not set PR_SET_DUMPABLE by
      default in sapi/fpm/fpm/fpm_conf.c, sapi/fpm/fpm/fpm_conf.h,
      sapi/fpm/fpm/fpm_unix.c, sapi/fpm/php-fpm.conf.in.
    - CVE-2018-10545
  * SECURITY UPDATE: infinite loop in iconv stream filter
    - debian/patches/CVE-2018-10546-1.patch: fail on invalid sequences in
      ext/iconv/iconv.c, ext/iconv/tests/bug76249.phpt.
    - debian/patches/CVE-2018-10546-2.patch: fix tsrm_ls in
      ext/iconv/iconv.c.
    - CVE-2018-10546
  * SECURITY UPDATE: XSS on PHAR error pages
    - debian/patches/CVE-2018-10547.patch: remove potential unfiltered
      outputs in ext/phar/phar_object.c, fix tests in ext/phar/tests/*.
    - CVE-2018-10547
  * SECURITY UPDATE: DoS via ldap_get_dn return value mishandling
    - debian/patches/CVE-2018-10548.patch: check dn in ext/ldap/ldap.c,
      add test to ext/ldap/tests/bug76248.phpt.
    - CVE-2018-10548

Date: 2018-05-10 14:29:52.763146+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/php5/5.5.9+dfsg-1ubuntu4.25