CVE-2017-11144

Priority
Medium
Description
In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the
openssl extension PEM sealing code did not check the return value of the
OpenSSL sealing function, which could lead to a crash of the PHP
interpreter, related to an interpretation conflict for a negative number in
ext/openssl/openssl.c, and an OpenSSL documentation omission.
References
Bugs
Package
Source: php5 (LP Ubuntu Debian)
Upstream:released (5.6.31)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (5.5.9+dfsg-1ubuntu4.22)
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Patches:
Upstream:https://github.com/php/php-src/commit/89637c6b41b510c20d262c17483f582f115c66d6
Package
Upstream:released (7.1.7)
Ubuntu 17.10 (Artful Aardvark):released (7.1.8-1ubuntu1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Patches:
Upstream:https://github.com/php/php-src/commit/73cabfedf519298e1a11192699f44d53c529315e
Package
Upstream:released (7.0.21)
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (7.0.22-0ubuntu0.16.04.1)
Ubuntu 17.04 (Zesty Zapus):released (7.0.22-0ubuntu0.17.04.1)
Patches:
Upstream:https://github.com/php/php-src/commit/73cabfedf519298e1a11192699f44d53c529315e
More Information

Updated: 2017-08-11 23:24:35 UTC (commit 13081)