Packages
Details
It was discovered that PHP incorrectly handled opcache access controls
when configured to use PHP-FPM. A local user could possibly use this issue
to obtain sensitive information from another user's PHP applications.
(CVE-2018-10545)
It was discovered that the PHP iconv stream filter incorrect handled
certain invalid multibyte sequences. A remote attacker could possibly use
this issue to cause PHP to hang, resulting in a denial of service.
(CVE-2018-10546)
It was discovered that the PHP PHAR error pages incorrectly filtered
certain data. A remote attacker could possibly use this issue to perform
a reflected XSS attack. (CVE-2018-10547)
It was discovered that PHP incorrectly handled LDAP. A malicious remote
LDAP server could possibly use this issue to cause PHP to crash, resulting
in a denial of service....
It was discovered that PHP incorrectly handled opcache access controls
when configured to use PHP-FPM. A local user could possibly use this issue
to obtain sensitive information from another user's PHP applications.
(CVE-2018-10545)
It was discovered that the PHP iconv stream filter incorrect handled
certain invalid multibyte sequences. A remote attacker could possibly use
this issue to cause PHP to hang, resulting in a denial of service.
(CVE-2018-10546)
It was discovered that the PHP PHAR error pages incorrectly filtered
certain data. A remote attacker could possibly use this issue to perform
a reflected XSS attack. (CVE-2018-10547)
It was discovered that PHP incorrectly handled LDAP. A malicious remote
LDAP server could possibly use this issue to cause PHP to crash, resulting
in a denial of service. (CVE-2018-10548)
It was discovered that PHP incorrectly handled certain exif tags in JPEG
images. A remote attacker could possibly use this issue to cause PHP to
crash, resulting in a denial of service. This issue only affected Ubuntu
16.04 LTS, Ubuntu 17.10, and Ubuntu 18.04 LTS. (CVE-2018-10549)
Update instructions
In Ubuntu 16.04 LTS, Ubuntu 17.10, and Ubuntu 18.04 LTS, this update uses a new upstream release, which includes additional bug fixes. In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 18.04 bionic | libapache2-mod-php7.2 – 7.2.5-0ubuntu0.18.04.1 | ||
| php7.2-cgi – 7.2.5-0ubuntu0.18.04.1 | |||
| php7.2-cli – 7.2.5-0ubuntu0.18.04.1 | |||
| php7.2-fpm – 7.2.5-0ubuntu0.18.04.1 | |||
| 17.10 artful | libapache2-mod-php7.1 – 7.1.17-0ubuntu0.17.10.1 | ||
| php7.1-cgi – 7.1.17-0ubuntu0.17.10.1 | |||
| php7.1-cli – 7.1.17-0ubuntu0.17.10.1 | |||
| php7.1-fpm – 7.1.17-0ubuntu0.17.10.1 | |||
| 16.04 xenial | libapache2-mod-php7.0 – 7.0.30-0ubuntu0.16.04.1 | ||
| php7.0-cgi – 7.0.30-0ubuntu0.16.04.1 | |||
| php7.0-cli – 7.0.30-0ubuntu0.16.04.1 | |||
| php7.0-fpm – 7.0.30-0ubuntu0.16.04.1 | |||
| 14.04 trusty | libapache2-mod-php5 – 5.5.9+dfsg-1ubuntu4.25 | ||
| php5-cgi – 5.5.9+dfsg-1ubuntu4.25 | |||
| php5-cli – 5.5.9+dfsg-1ubuntu4.25 | |||
| php5-fpm – 5.5.9+dfsg-1ubuntu4.25 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.