Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 658092 (CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549) - <dev-lang/php-{5.6.36,7.0.30,7.1.18}: Multiple vulnerabilities
Summary: <dev-lang/php-{5.6.36,7.0.30,7.1.18}: Multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-10546, CVE-2018-10547, CVE-2018-10548, CVE-2018-10549
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: A2 [glsa+ cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-06-14 12:36 UTC by Brian Evans
Modified: 2018-12-02 15:45 UTC (History)
2 users (show)

See Also:
Package list:
dev-lang/php-5.6.36 dev-lang/php-7.0.30 dev-lang/php-7.1.18
Runtime testing required: ---
stable-bot: sanity-check+


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Brian Evans Gentoo Infrastructure gentoo-dev 2018-06-14 12:36:51 UTC
26 Apr 2018
Exif:
Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)
iconv:
Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)
LDAP:
Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)
Phar:
Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)
Comment 1 Brian Evans Gentoo Infrastructure gentoo-dev 2018-06-14 12:37:37 UTC
Arches, please test and mark stable
Comment 2 Brian Evans Gentoo Infrastructure gentoo-dev 2018-06-14 12:40:05 UTC
Note for securityteam: I've put dev-lang/php-7.1.18 as the stable target in that slot due to a nasty session bug.  The fix for the 7.1 slot was in 7.1.17
Comment 3 Agostino Sarubbo gentoo-dev 2018-06-14 12:52:08 UTC
you forgot to cc arches :)
Comment 4 Brian Evans Gentoo Infrastructure gentoo-dev 2018-06-14 12:53:32 UTC
(In reply to Agostino Sarubbo from comment #3)
> you forgot to cc arches :)

Thanks, I highlighted but missed the Add button.

Arches, please stable.
Comment 5 Agostino Sarubbo gentoo-dev 2018-06-14 13:11:59 UTC
amd64 stable
Comment 6 Larry the Git Cow gentoo-dev 2018-06-15 12:06:47 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cabd2bc08340c3fea92ff5627594996fe21d736b

commit cabd2bc08340c3fea92ff5627594996fe21d736b
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-15 12:06:35 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-15 12:06:41 +0000

    dev-lang/php: stable 7.1.18 for ia64, bug #658092
    
    Bug: https://bugs.gentoo.org/658092
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 dev-lang/php/php-7.1.18.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0116036d6c2410fe7eb1a95129258d0cdf1cd63e

commit 0116036d6c2410fe7eb1a95129258d0cdf1cd63e
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-15 12:06:26 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-15 12:06:41 +0000

    dev-lang/php: stable 7.0.30 for ia64, bug #658092
    
    Bug: https://bugs.gentoo.org/658092
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 dev-lang/php/php-7.0.30.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=83cec89445c9c835a0f0c3fb03fd3d2fa5d42c38

commit 83cec89445c9c835a0f0c3fb03fd3d2fa5d42c38
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-15 12:06:14 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-15 12:06:41 +0000

    dev-lang/php: stable 5.6.36 for ia64, bug #658092
    
    Bug: https://bugs.gentoo.org/658092
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ia64"

 dev-lang/php/php-5.6.36.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 7 Larry the Git Cow gentoo-dev 2018-06-15 15:56:39 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=050bb65f4b005f458d4ed4c1e3b4eec8930e9a28

commit 050bb65f4b005f458d4ed4c1e3b4eec8930e9a28
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-15 13:44:01 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-15 15:56:25 +0000

    dev-lang/php: stable 7.1.18 for sparc
    
    Bug: https://bugs.gentoo.org/658092
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 dev-lang/php/php-7.1.18.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e09b50c27ba602618d6278cc77f52e254d2cf43d

commit e09b50c27ba602618d6278cc77f52e254d2cf43d
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-15 13:42:38 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-15 15:56:25 +0000

    dev-lang/php: stable 7.0.30 for sparc
    
    Bug: https://bugs.gentoo.org/658092
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 dev-lang/php/php-7.0.30.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=8278941768f273c50ecef15688fffbd7efad9282

commit 8278941768f273c50ecef15688fffbd7efad9282
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-06-15 13:41:16 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-15 15:56:25 +0000

    dev-lang/php: stable 5.6.36 for sparc
    
    Bug: https://bugs.gentoo.org/658092
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"

 dev-lang/php/php-5.6.36.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 8 Thomas Deutschmann gentoo-dev Security 2018-06-17 23:31:23 UTC
x86 stable
Comment 9 Larry the Git Cow gentoo-dev 2018-06-24 19:39:06 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e2da63a7b57d96942b00b46d1624db6845bc09fc

commit e2da63a7b57d96942b00b46d1624db6845bc09fc
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 17:55:29 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 19:36:02 +0000

    dev-lang/php: stable 7.1.18 for ppc, bug #658092
    
    Bug: https://bugs.gentoo.org/658092
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"

 dev-lang/php/php-7.1.18.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6192a8852d849d76667f6cc382e9b35920e86d1a

commit 6192a8852d849d76667f6cc382e9b35920e86d1a
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 17:55:14 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 19:36:02 +0000

    dev-lang/php: stable 7.0.30 for ppc, bug #658092
    
    Bug: https://bugs.gentoo.org/658092
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"

 dev-lang/php/php-7.0.30.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d7fce4657bc708940c3d6502709e2fcd612f1bd9

commit d7fce4657bc708940c3d6502709e2fcd612f1bd9
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 17:55:00 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 19:36:02 +0000

    dev-lang/php: stable 5.6.36 for ppc, bug #658092
    
    Bug: https://bugs.gentoo.org/658092
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc"

 dev-lang/php/php-5.6.36.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 10 Larry the Git Cow gentoo-dev 2018-06-24 20:23:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f3326b08563631a134d4cc7a749aaedb44d18b5e

commit f3326b08563631a134d4cc7a749aaedb44d18b5e
Author:     Sergei Trofimovich <slyfox@gentoo.org>
AuthorDate: 2018-06-24 20:01:13 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-06-24 20:21:04 +0000

    dev-lang/php: stable 5.6.36 for ppc64, bug #658092
    
    Bug: https://bugs.gentoo.org/658092
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="ppc64"

 dev-lang/php/php-5.6.36.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 11 Mikle Kolyada archtester Gentoo Infrastructure gentoo-dev Security 2018-06-26 16:02:43 UTC
arm stable
Comment 12 Tobias Klausmann gentoo-dev 2018-06-27 07:26:43 UTC
Stable on alpha.
Comment 13 Brian Evans Gentoo Infrastructure gentoo-dev 2018-06-29 16:38:56 UTC
(In reply to Larry the Git Cow from comment #10)
> The bug has been referenced in the following commit(s):
> 
> https://gitweb.gentoo.org/repo/gentoo.git/commit/
> ?id=f3326b08563631a134d4cc7a749aaedb44d18b5e
> 
> commit f3326b08563631a134d4cc7a749aaedb44d18b5e
> Author:     Sergei Trofimovich <slyfox@gentoo.org>
> AuthorDate: 2018-06-24 20:01:13 +0000
> Commit:     Sergei Trofimovich <slyfox@gentoo.org>
> CommitDate: 2018-06-24 20:21:04 +0000
> 
>     dev-lang/php: stable 5.6.36 for ppc64, bug #658092
>     
>     Bug: https://bugs.gentoo.org/658092
>     Package-Manager: Portage-2.3.40, Repoman-2.3.9
>     RepoMan-Options: --include-arches="ppc64"
> 
>  dev-lang/php/php-5.6.36.ebuild | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

@ppc64 anything wrong with 7.0.30 or 7.1.18?
Comment 14 GLSAMaker/CVETool Bot gentoo-dev 2018-07-11 15:50:14 UTC
CVE-2018-10549 (https://nvd.nist.gov/vuln/detail/CVE-2018-10549):
  An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x
  before 7.1.17, and 7.2.x before 7.2.5. exif_read_data in ext/exif/exif.c has
  an out-of-bounds read for crafted JPEG data because exif_iif_add_value
  mishandles the case of a MakerNote that lacks a final '\0' character.

CVE-2018-10548 (https://nvd.nist.gov/vuln/detail/CVE-2018-10548):
  An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x
  before 7.1.17, and 7.2.x before 7.2.5. ext/ldap/ldap.c allows remote LDAP
  servers to cause a denial of service (NULL pointer dereference and
  application crash) because of mishandling of the ldap_get_dn return value.

CVE-2018-10546 (https://nvd.nist.gov/vuln/detail/CVE-2018-10546):
  An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x
  before 7.1.17, and 7.2.x before 7.2.5. An infinite loop exists in
  ext/iconv/iconv.c because the iconv stream filter does not reject invalid
  multibyte sequences.

CVE-2018-10545 (https://nvd.nist.gov/vuln/detail/CVE-2018-10545):
  An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x
  before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow
  bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE
  prctl call, allowing one user (in a multiuser environment) to obtain
  sensitive information from the process memory of a second user's PHP
  applications by running gcore on the PID of the PHP-FPM worker process.
Comment 15 Sergei Trofimovich gentoo-dev 2018-07-29 16:27:52 UTC
ppc64 stable
Comment 16 Brian Evans Gentoo Infrastructure gentoo-dev 2018-08-18 01:26:31 UTC
All security arches stable

Affected ebuilds cleaned
Comment 17 Leho Kraav (:macmaN @lkraav) 2018-09-15 08:57:24 UTC
What's the criteria for this moving from IN_PROGRESS -> FIXED
Comment 18 Sergei Trofimovich gentoo-dev 2018-09-18 23:09:49 UTC
hppa has no stable keywords
Comment 19 GLSAMaker/CVETool Bot gentoo-dev 2018-12-02 15:45:46 UTC
This issue was resolved and addressed in
 GLSA 201812-01 at https://security.gentoo.org/glsa/201812-01
by GLSA coordinator Aaron Bauman (b-man).