26 Apr 2018 Exif: Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549) iconv: Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546) LDAP: Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548) Phar: Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)
Arches, please test and mark stable
Note for securityteam: I've put dev-lang/php-7.1.18 as the stable target in that slot due to a nasty session bug. The fix for the 7.1 slot was in 7.1.17
you forgot to cc arches :)
(In reply to Agostino Sarubbo from comment #3) > you forgot to cc arches :) Thanks, I highlighted but missed the Add button. Arches, please stable.
amd64 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cabd2bc08340c3fea92ff5627594996fe21d736b commit cabd2bc08340c3fea92ff5627594996fe21d736b Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-15 12:06:35 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-15 12:06:41 +0000 dev-lang/php: stable 7.1.18 for ia64, bug #658092 Bug: https://bugs.gentoo.org/658092 Package-Manager: Portage-2.3.40, Repoman-2.3.9 RepoMan-Options: --include-arches="ia64" dev-lang/php/php-7.1.18.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0116036d6c2410fe7eb1a95129258d0cdf1cd63e commit 0116036d6c2410fe7eb1a95129258d0cdf1cd63e Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-15 12:06:26 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-15 12:06:41 +0000 dev-lang/php: stable 7.0.30 for ia64, bug #658092 Bug: https://bugs.gentoo.org/658092 Package-Manager: Portage-2.3.40, Repoman-2.3.9 RepoMan-Options: --include-arches="ia64" dev-lang/php/php-7.0.30.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83cec89445c9c835a0f0c3fb03fd3d2fa5d42c38 commit 83cec89445c9c835a0f0c3fb03fd3d2fa5d42c38 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-15 12:06:14 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-15 12:06:41 +0000 dev-lang/php: stable 5.6.36 for ia64, bug #658092 Bug: https://bugs.gentoo.org/658092 Package-Manager: Portage-2.3.40, Repoman-2.3.9 RepoMan-Options: --include-arches="ia64" dev-lang/php/php-5.6.36.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=050bb65f4b005f458d4ed4c1e3b4eec8930e9a28 commit 050bb65f4b005f458d4ed4c1e3b4eec8930e9a28 Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-06-15 13:44:01 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-15 15:56:25 +0000 dev-lang/php: stable 7.1.18 for sparc Bug: https://bugs.gentoo.org/658092 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" dev-lang/php/php-7.1.18.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e09b50c27ba602618d6278cc77f52e254d2cf43d commit e09b50c27ba602618d6278cc77f52e254d2cf43d Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-06-15 13:42:38 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-15 15:56:25 +0000 dev-lang/php: stable 7.0.30 for sparc Bug: https://bugs.gentoo.org/658092 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" dev-lang/php/php-7.0.30.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8278941768f273c50ecef15688fffbd7efad9282 commit 8278941768f273c50ecef15688fffbd7efad9282 Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-06-15 13:41:16 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-15 15:56:25 +0000 dev-lang/php: stable 5.6.36 for sparc Bug: https://bugs.gentoo.org/658092 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" dev-lang/php/php-5.6.36.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
x86 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2da63a7b57d96942b00b46d1624db6845bc09fc commit e2da63a7b57d96942b00b46d1624db6845bc09fc Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-24 17:55:29 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-24 19:36:02 +0000 dev-lang/php: stable 7.1.18 for ppc, bug #658092 Bug: https://bugs.gentoo.org/658092 Package-Manager: Portage-2.3.40, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc" dev-lang/php/php-7.1.18.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6192a8852d849d76667f6cc382e9b35920e86d1a commit 6192a8852d849d76667f6cc382e9b35920e86d1a Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-24 17:55:14 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-24 19:36:02 +0000 dev-lang/php: stable 7.0.30 for ppc, bug #658092 Bug: https://bugs.gentoo.org/658092 Package-Manager: Portage-2.3.40, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc" dev-lang/php/php-7.0.30.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7fce4657bc708940c3d6502709e2fcd612f1bd9 commit d7fce4657bc708940c3d6502709e2fcd612f1bd9 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-24 17:55:00 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-24 19:36:02 +0000 dev-lang/php: stable 5.6.36 for ppc, bug #658092 Bug: https://bugs.gentoo.org/658092 Package-Manager: Portage-2.3.40, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc" dev-lang/php/php-5.6.36.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3326b08563631a134d4cc7a749aaedb44d18b5e commit f3326b08563631a134d4cc7a749aaedb44d18b5e Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-06-24 20:01:13 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-06-24 20:21:04 +0000 dev-lang/php: stable 5.6.36 for ppc64, bug #658092 Bug: https://bugs.gentoo.org/658092 Package-Manager: Portage-2.3.40, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc64" dev-lang/php/php-5.6.36.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
arm stable
Stable on alpha.
(In reply to Larry the Git Cow from comment #10) > The bug has been referenced in the following commit(s): > > https://gitweb.gentoo.org/repo/gentoo.git/commit/ > ?id=f3326b08563631a134d4cc7a749aaedb44d18b5e > > commit f3326b08563631a134d4cc7a749aaedb44d18b5e > Author: Sergei Trofimovich <slyfox@gentoo.org> > AuthorDate: 2018-06-24 20:01:13 +0000 > Commit: Sergei Trofimovich <slyfox@gentoo.org> > CommitDate: 2018-06-24 20:21:04 +0000 > > dev-lang/php: stable 5.6.36 for ppc64, bug #658092 > > Bug: https://bugs.gentoo.org/658092 > Package-Manager: Portage-2.3.40, Repoman-2.3.9 > RepoMan-Options: --include-arches="ppc64" > > dev-lang/php/php-5.6.36.ebuild | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) @ppc64 anything wrong with 7.0.30 or 7.1.18?
CVE-2018-10549 (https://nvd.nist.gov/vuln/detail/CVE-2018-10549): An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has an out-of-bounds read for crafted JPEG data because exif_iif_add_value mishandles the case of a MakerNote that lacks a final '\0' character. CVE-2018-10548 (https://nvd.nist.gov/vuln/detail/CVE-2018-10548): An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP servers to cause a denial of service (NULL pointer dereference and application crash) because of mishandling of the ldap_get_dn return value. CVE-2018-10546 (https://nvd.nist.gov/vuln/detail/CVE-2018-10546): An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in ext/iconv/iconv.c because the iconv stream filter does not reject invalid multibyte sequences. CVE-2018-10545 (https://nvd.nist.gov/vuln/detail/CVE-2018-10545): An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.
ppc64 stable
All security arches stable Affected ebuilds cleaned
What's the criteria for this moving from IN_PROGRESS -> FIXED
hppa has no stable keywords
This issue was resolved and addressed in GLSA 201812-01 at https://security.gentoo.org/glsa/201812-01 by GLSA coordinator Aaron Bauman (b-man).
