CVE-2019-11043

Priority
Description
In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below
7.3.11, in certain configurations of the FPM setup, it is possible to cause
the FPM module to write past allocated buffers into the space reserved for
FCGI protocol data, thus opening the possibility of remote code execution.
Assigned-to
mdeslaur
Notes
sbeattie: PEAR issues should go against php-pear as of xenial
Package
Source: php5 (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (5.3.10-1ubuntu3.40)
Ubuntu 14.04 ESM (Trusty Tahr): released (5.5.9+dfsg-1ubuntu4.29+esm6)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Patches:
Upstream: https://github.com/microsoft/php-src/commit/c69bcb212b37900fd61daaf38762e4974cb4dcc9
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (7.0.33-0ubuntu0.16.04.7)
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=ab061f95ca966731b1c84cf5b7b20155c0a1c06a (7.1)
Package
Upstream: released (7.2.24)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): released (7.2.24-0ubuntu0.18.04.1)
Ubuntu 19.04 (Disco Dingo): released (7.2.24-0ubuntu0.19.04.1)
Ubuntu 19.10 (Eoan Ermine): DNE
Ubuntu 20.04 (Focal Fossa): DNE
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=ab061f95ca966731b1c84cf5b7b20155c0a1c06a
Package
Upstream: released (7.3.11)
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Ubuntu 18.04 LTS (Bionic Beaver): DNE
Ubuntu 19.04 (Disco Dingo): DNE
Ubuntu 19.10 (Eoan Ermine): released (7.3.11-0ubuntu0.19.10.1)
Ubuntu 20.04 (Focal Fossa): needed
Patches:
Upstream: http://git.php.net/?p=php-src.git;a=commit;h=19e17d3807e6cc0b1ba9443ec5facbd33a61f8fe
Updated: 2019-10-30 04:14:24 UTC (commit 55913f7fdd25b28125153efda348ffa21c82c0ce)