[Bug 1792938] [NEW] PHP 7.2.7 contains various security issues.

Launchpad Bug Tracker Mon, 17 Sep 2018 23:22:42 -0700

*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Alex Murray (alexmurray):


Description:    Ubuntu 18.04.1 LTS
Release:        18.04
PHP 7.2.7-0ubuntu0.18.04.2 (cli) (built: Jul  4 2018 16:55:24) ( NTS )

We have received a security bulletin that there are issues that could
result in either denial of service, or outright remote code execution in
PHP versions < 7.2.10.

These are fixed in later versions.  Ubuntu 18.04 currently uses 7.2.7 (from 
"php -v" above).
Bug # are from the PHP tracker

•         Bug #55146 (iconv_mime_decode_headers() skips some headers).
•         Bug #60494 (iconv_mime_decode does ignore special characters).
•         Bug #63839 (iconv_mime_decode_headers function is skipping headers).
•         Bug #65988 (Zlib version check fails when an include/zlib/ style dir 
is passed to the --with-zlib configure option).
•         Bug #68175 (RegexIterator pregFlags are NULL instead of 0).
•         Bug #68180 (iconv_mime_decode can return extra characters in a 
header).
•         Bug #68825 (Exception in DirectoryIterator::getLinkTarget()).
•         Bug #72443 (Generate enabled extension).
•         Bug #74484 (MessageFormatter::formatMessage memory corruption with 
11+ named placeholders).
•         Bug #76517 (incorrect restoring of LDFLAGS).
•         Bug #76582 (Apache bucket brigade sometimes becomes invalid).
•         Bug #76595 (phpdbg man page contains outdated information).
•         Bug #76704 (mb_detect_order return value varies based on argument 
type).
•         Bug #76705 (unusable ssl =&gt; peer_fingerprint in 
stream_context_create()).
•         Bug #76709 (Minimal required zlib library is 1.2.0.4).
•         Bug #76747 (Opcache treats path containing "test.pharma.tld" as a 
phar file).
•         Bug #76754 (parent private constant in extends class memory leak).
•         Bug #76777 ("public id" parameter of 
libxml_set_external_entity_loader callback undefined).

** Affects: ubuntu
     Importance: Undecided
         Status: New

-- 
PHP 7.2.7 contains various security issues.
https://bugs.launchpad.net/bugs/1792938
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1792938] [NEW] PHP 7.2.7 contains various security issues.

Reply via email to