CVE-2019-9637 in Ubuntu

CVE-2019-9637

Priority

Description

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and
7.3.x before 7.3.3. Due to the way rename() across filesystems is
implemented, it is possible that file being renamed is briefly available
with wrong permissions while the rename is ongoing, thus enabling
unauthorized users to access the data.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9637
https://www.debian.org/security/2019/dsa-4403
https://ubuntu.com/security/notices/USN-3922-1
https://ubuntu.com/security/notices/USN-3922-2
https://ubuntu.com/security/notices/USN-3922-3

Bugs

https://bugs.php.net/bug.php?id=77630

Assigned-to

leosilva

Notes

Package

Source: php5 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	released (5.5.9+dfsg-1ubuntu4.29)

Patches:

Package

Source: php7.0 (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 18.04 LTS:	DNE
Ubuntu 16.04 ESM:	released (7.0.33-0ubuntu0.16.04.3)
Ubuntu 14.04 ESM:	DNE

Patches:

Package

Source: php7.2 (LP Ubuntu Debian)

Upstream:	released (7.2.16)
Ubuntu 18.04 LTS:	released (7.2.15-0ubuntu0.18.04.2)
Ubuntu 14.04 ESM:	DNE

Patches:

Upstream:

http://git.php.net/?p=php-src.git;a=commit;h=e3133e4db70476fb7adfdedb738483e2255ce0e1

Package

Source: php7.3 (LP Ubuntu Debian)

Upstream:	released (7.3.3)
Ubuntu 18.04 LTS:	DNE
Ubuntu 14.04 ESM:	DNE

Patches:

More Information

Updated: 2022-04-13 14:01:32 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)