CVE-2019-9637

Priority
Description
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and
7.3.x before 7.3.3. Due to the way rename() across filesystems is
implemented, it is possible that file being renamed is briefly available
with wrong permissions while the rename is ongoing, thus enabling
unauthorized users to access the data.
Assigned-to
leosilva
Notes
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (5.3.10-1ubuntu3.34)
Ubuntu 14.04 ESM (Trusty Tahr):released (5.5.9+dfsg-1ubuntu4.29)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (7.0.33-0ubuntu0.16.04.3)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Package
Upstream:released (7.2.16)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (7.2.15-0ubuntu0.18.04.2)
Patches:
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=e3133e4db70476fb7adfdedb738483e2255ce0e1
Package
Upstream:released (7.3.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
More Information

Updated: 2020-07-28 20:07:57 UTC (commit d26b6ca9f5b3adb89bb036ce73ae7dab894935ec)