openssl_random_pseudo_bytes() security bug and PHP packages

Bug #1534203 reported by vinc-q on 2016-01-14
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
php5 (Ubuntu) | | Undecided | Unassigned |
Precise | | Medium | Marc Deslauriers |
Trusty | | Medium | Marc Deslauriers |
Vivid | | Medium | Marc Deslauriers |
Wily | | Medium | Marc Deslauriers |
Xenial | | Undecided | Unassigned |

Bug Description

Maybe the official Ubuntu PHP packages aren't patched against the openssl_random_pseudo_bytes() security bug (https://bugs.php.net/bug.php?id=70014). The vulnerability is corrected in versions 5.6.12, 5.5.28, 5.4.44, so it might still be affecting the currently supported Ubuntu PHP packages (5.6.11, 5.6.4, 5.5.9).

vinc-q (vinc-q) on 2016-01-14
information type: Public → Public Security
Changed in php5 (Ubuntu Xenial):
status: New → Fix Released
Changed in php5 (Ubuntu Precise):
status: New → Confirmed
Changed in php5 (Ubuntu Trusty):
status: New → Confirmed
Changed in php5 (Ubuntu Vivid):
status: New → Confirmed
Changed in php5 (Ubuntu Wily):
status: New → Confirmed
Changed in php5 (Ubuntu Precise):
importance: Undecided → Medium
Changed in php5 (Ubuntu Trusty):
importance: Undecided → Medium
Changed in php5 (Ubuntu Precise):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in php5 (Ubuntu Vivid):
importance: Undecided → Medium
Changed in php5 (Ubuntu Wily):
importance: Undecided → Medium
Changed in php5 (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in php5 (Ubuntu Vivid):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in php5 (Ubuntu Wily):
assignee: nobody → Marc Deslauriers (mdeslaur)
Marc Deslauriers (mdeslaur) wrote:

This was fixed in the following security update:

http://www.ubuntu.com/usn/usn-2952-1/

Changed in php5 (Ubuntu Precise):
status: Confirmed → Fix Released
Changed in php5 (Ubuntu Trusty):
status: Confirmed → Fix Released
Changed in php5 (Ubuntu Vivid):
status: Confirmed → Won't Fix
Changed in php5 (Ubuntu Wily):
status: Confirmed → Fix Released