PHP 7.2.7 contains various security issues.

Bug #1792938 reported by Rich James
This bug affects 1 person
Affects: php7.2 (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Description: Ubuntu 18.04.1 LTS
Release: 18.04
PHP 7.2.7-0ubuntu0.18.04.2 (cli) (built: Jul 4 2018 16:55:24) ( NTS )

We have received a security bulletin that there are issues that could result in either denial of service, or outright remote code execution in PHP versions < 7.2.10.

These are fixed in later versions. Ubuntu 18.04 currently uses 7.2.7 (from "php -v" above).
Bug numbers are from the PHP tracker.

Bug #55146 (iconv_mime_decode_headers() skips some headers).
Bug #60494 (iconv_mime_decode does ignore special characters).
Bug #63839 (iconv_mime_decode_headers function is skipping headers).
Bug #65988 (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).
Bug #68175 (RegexIterator pregFlags are NULL instead of 0).
Bug #68180 (iconv_mime_decode can return extra characters in a header).
Bug #68825 (Exception in DirectoryIterator::getLinkTarget()).
Bug #72443 (Generate enabled extension).
Bug #74484 (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).
Bug #76517 (incorrect restoring of LDFLAGS).
Bug #76582 (Apache bucket brigade sometimes becomes invalid).
Bug #76595 (phpdbg man page contains outdated information).
Bug #76704 (mb_detect_order return value varies based on argument type).
Bug #76705 (unusable ssl => peer_fingerprint in stream_context_create()).
Bug #76709 (Minimal required zlib library is 1.2.0.4).
Bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar file).
Bug #76754 (parent private constant in extends class memory leak).
Bug #76777 ("public id" parameter of libxml_set_external_entity_loader callback undefined).

Alex Murray (alexmurray)
information type: Private Security → Public Security
Ubuntu Foundations Team Bug Bot (crichton) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1792938/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
Rich James (rich.james)
affects: ubuntu → php-defaults (Ubuntu)
tags: added: bionic
Nish Aravamudan (nacc) wrote :

7.2.10 is now in -updates and -security.

affects: php-defaults (Ubuntu) → php7.2 (Ubuntu)
Changed in php7.2 (Ubuntu):
status: New → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
