PublicDateAtUSN: 2018-04-29
Candidate: CVE-2018-10545
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10545
http://php.net/ChangeLog-5.php
http://php.net/ChangeLog-7.php
https://usn.ubuntu.com/usn/usn-3646-1
https://usn.ubuntu.com/usn/usn-3646-2
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x
before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow
bypassing opcache access controls because fpm_unix.c makes a
PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment)
to obtain sensitive information from the process memory of a second user's
PHP applications by running gcore on the PID of the PHP-FPM worker process.
https://bugs.php.net/bug.php?id=75605
upstream: https://github.com/php/php-src/commit/d20bebfe1340986f795769e2ad6810f36eadf2ca
upstream_php5: released (5.6.35)
precise/esm_php5: released (5.3.10-1ubuntu3.31)
trusty_php5: released (5.5.9+dfsg-1ubuntu4.25)
upstream_php7.0: released (7.0.29)
precise/esm_php7.0: DNE
xenial_php7.0: released (7.0.30-0ubuntu0.16.04.1)
upstream_php7.1: released (7.1.16)
precise/esm_php7.1: DNE
artful_php7.1: released (7.1.17-0ubuntu0.17.10.1)
upstream_php7.2: released (7.2.4)
precise/esm_php7.2: DNE
bionic_php7.2: released (7.2.5-0ubuntu0.18.04.1)
devel_php7.2: released (7.2.5-0ubuntu0.18.04.1)