adopt PHP 7.2.8+ to fix vulnerability in php-fpm
Bug #1792148 reported by
Alexander Romanovich
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
php7.2 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Ubuntu 18.04 currently deploys PHP 7.2.7 with the php7.2 package. However, PHP 7.2.8 fixes an important vulnerability with a critical solution to crippled functionality in a wide range of PHP scripts when running php-fpm.
From the PHP 7.2.8 changelog: "FPM: Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to non-blocking)."
For reference, the PHP bug is: https:/
I would request that the PHP 7.2 package be updated to at least 7.2.8 in order to facilitate adoption of this fix.
information type: | Private Security → Public Security |
To post a comment you must log in.
This was recently resolved with an update to PHP 7.2.10, resolving a handful of security issues.