Fedora 29 : php (2018-7ebfe1e6f2)

PHP version 7.2.13 06 Dec 2018 ftp: - Fixed bug php77151 ftpclose: SSLread on shutdown. Remi CLI: - Fixed bug php77111 php-win.exe corrupts unicode symbols from cli parameters. Anatol Fileinfo: - Fixed bug php77095 slowness regression in 7.2/7.3 compared to 7.1. Anatol iconv: - Fixed bug php77147...

Fedora 28 : php (2018-9438795217)

PHP version 7.2.8 19 Jul 2018 Core: - Fixed bug php76534 PHP hangs on 'illegal string offset on string references with an error handler. Laruence - Fixed bug php76520 Object creation leaks memory when executed over HTTP. Nikita - Fixed bug php76502 Chain of mixed exceptions and errors does not...

Fedora 29 : php (2018-791c3cfe21)

PHP version 7.2.10 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk - Fixed bug php75797 Memory leak when using classalias in non-debug mode. Massimiliano Braglia Apache2: - Fixed bug php765...

Fedora 28 : php (2018-dfe1f0bac6)

PHP version 7.2.13 06 Dec 2018 ftp: - Fixed bug php77151 ftpclose: SSLread on shutdown. Remi CLI: - Fixed bug php77111 php-win.exe corrupts unicode symbols from cli parameters. Anatol Fileinfo: - Fixed bug php77095 slowness regression in 7.2/7.3 compared to 7.1. Anatol iconv: - Fixed bug php77147...

Fedora 28 : php (2018-b13b720a3d)

PHP version 7.2.4 29 Mar 2018 Core: - Fixed bug php76025 Segfault while throwing exception in errorhandler. Dmitry, Laruence - Fixed bug php76044 'date: illegal option -- -' in ./configure on FreeBSD. Anatol FPM: - Fixed bug php75605 Dumpable FPM child processes allow bypassing opcache access...

Fedora 27 : php (2018-25100b492c)

PHP version 7.1.22 13 Sep 2018 Core: - Fixed bug php76754 parent private constant in extends class memory leak. Laruence - Fixed bug php72443 Generate enabled extension. petk Apache2: - Fixed bug php76582 Apache bucket brigade sometimes becomes invalid. stas Bz2: - Fixed arginfo for bzcompress...

Debian DSA-4240-1 : php7.0 - security update

Several vulnerabilities were found in PHP, a widely-used open source general purpose scripting language : - CVE-2018-7584 Buffer underread in parsing HTTP responses - CVE-2018-10545 Dumpable FPM child processes allowed the bypass of opcache access controls - CVE-2018-10546 Denial of service via...

Debian: Security Advisory (DSA-4240-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-3646-2: PHP vulnerabilities

USN-3646-1 fixed a vulnerability in PHP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain...

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : PHP vulnerabilities (USN-3646-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3646-1 advisory. It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibl...

USN-3646-1 php5, php7.0, php7.1, php7.2 vulnerabilities

It was discovered that PHP incorrectly handled opcache access controls when configured to use PHP-FPM. A local user could possibly use this issue to obtain sensitive information from another user's PHP applications. CVE-2018-10545 It was discovered that the PHP iconv stream filter incorrect handl...

PHP < 5.6.35, 7.x < 7.0.29, 7.1.x < 7.1.16, 7.2.x < 7.2.4 Security Bypass Vulnerability (May 2018) - Linux

PHP is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php:php"; if description...

PHP Security Bypass Vulnerability (CNVD-2018-09561)

PHP PHP: Hypertext Preprocessor is an open source general-purpose computer scripting language maintained by the PHP Group and the open source community. The language supports multiple syntaxes, multiple databases and operating systems, and support for C, C++ for program extensions and so on. A...

CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

CVE-2018-10545

Technical details (affected products, versions, exploit information, and fixes) are not provided in the supplied documents. Please monitor for updates.

UBUNTU-CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...

CVE-2018-10545

An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpmunix.c makes a PRSETDUMPABLE prctl call, allowing one user in a multiuser environment to obtain sensitive...