CVE-2017-7189

Priority
Description
main/streams/xp_socket.c in PHP 7.x before 2017-03-07 misparses fsockopen
calls, such as by interpreting fsockopen('127.0.0.1:80', 443) as if the
address/port were 127.0.0.1:80:443, which is later truncated to
127.0.0.1:80. This behavior has a security risk if the explicitly provided
port number (i.e., 443 in this example) is hardcoded into an application as
a security policy, but the hostname argument (i.e., 127.0.0.1:80 in this
example) is obtained from untrusted input.
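An application-side check for the scenario described above, as an added example that is not code from the PHP project or from this tracker page: the untrusted hostname is refused if it carries a colon, so the hardcoded port is the only port that reaches fsockopen. The names `POLICY_PORT`, `require_bare_host` and `open_policy_socket` are hypothetical, the sample inputs are constructed, and rejecting IPv6 literals is a simplification of this sketch.

```php
<?php
declare(strict_types=1);

const POLICY_PORT = 443; // the hardcoded port from the description's example

/**
 * Hypothetical helper: accept only a bare IPv4 literal or DNS hostname.
 * Anything containing ':' is refused, because "127.0.0.1:80" is exactly the
 * form that ends up parsed as 127.0.0.1:80:443 and truncated to port 80.
 */
function require_bare_host(string $host): string
{
    if ($host === '' || strpos($host, ':') !== false) {
        throw new InvalidArgumentException('host must not be empty or contain ":"');
    }
    // Check IP literals first, then fall back to RFC-style hostname validation.
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return $host;
    }
    if (filter_var($host, FILTER_VALIDATE_DOMAIN, FILTER_FLAG_HOSTNAME) !== false) {
        return $host;
    }
    throw new InvalidArgumentException('host is not an IPv4 address or hostname');
}

/** Hypothetical wrapper: the only place the application calls fsockopen. */
function open_policy_socket(string $untrustedHost)
{
    $host = require_bare_host($untrustedHost);
    $fp = fsockopen($host, POLICY_PORT, $errno, $errstr, 5.0);
    if ($fp === false) {
        throw new RuntimeException("connect failed: $errstr ($errno)");
    }
    return $fp;
}

// Constructed inputs; only the validation runs here, no connection is made.
foreach (['127.0.0.1', 'example.com', '127.0.0.1:80', 'example.com:8080/x', ''] as $candidate) {
    try {
        require_bare_host($candidate);
        printf("%-22s accepted, would connect on port %d\n", var_export($candidate, true), POLICY_PORT);
    } catch (InvalidArgumentException $e) {
        printf("%-22s rejected: %s\n", var_export($candidate, true), $e->getMessage());
    }
}
```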
Notes
mdeslaur: the commit for this was later reverted as it introduced a
regression. As of 2017-07-11, there is no current fix.
Package
Source: php5 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): deferred (2019-10-17)
Ubuntu 14.04 ESM (Trusty Tahr): deferred (2019-10-17)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): deferred (2019-10-17)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): deferred (2019-10-17)
Ubuntu 19.04 (Disco Dingo): deferred (2019-10-17)
Ubuntu 19.10 (Eoan): DNE
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan): deferred (2019-10-17)
Patches:
Upstream: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
Upstream: https://github.com/php/php-src/commit/cda7dcf4cacef3346f9dc2a4dc947e6a74769259
Upstream: https://github.com/php/php-src/commit/bf3e2dce7b54988d82f16ee3564c14f1b5cd936b
Upstream: https://github.com/php/php-src/commit/09ef61e3ca33d8f91b188cd0ad2512987671962b
Updated: 2019-10-18 02:34:09 UTC (commit cccfc4426d8c1fbf582a89d981fe7fc812124543)