adopt PHP 7.2.8+ to fix vulnerability in php-fpm

Bug #1792148 reported by Alexander Romanovich
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
php7.2 (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Ubuntu 18.04 currently deploys PHP 7.2.7 with the php7.2 package. However, PHP 7.2.8 fixes an important vulnerability with a critical solution to crippled functionality in a wide range of PHP scripts when running php-fpm.

From the PHP 7.2.8 changelog: "FPM: Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to non-blocking)."

For reference, the PHP bug is: https://bugs.php.net/bug.php?id=73342

I would request that the PHP 7.2 package be updated to at least 7.2.8 in order to facilitate adoption of this fix.

Alex Murray (alexmurray)
information type: Private Security → Public Security
Revision history for this message
Alexander Romanovich (alexwhitewhale) wrote :

This was recently resolved with an update to PHP 7.2.10, resolving a handful of security issues.

Changed in php7.2 (Ubuntu):
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.

Other bug subscribers

Related questions