CVE-2019-9637

Priority
Description
An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and
7.3.x before 7.3.3. Due to the way rename() across filesystems is
implemented, it is possible that file being renamed is briefly available
with wrong permissions while the rename is ongoing, thus enabling
unauthorized users to access the data.
Assigned-to
leosilva
Notes
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (5.3.10-1ubuntu3.34)
Ubuntu 14.04 ESM (Trusty Tahr):released (5.5.9+dfsg-1ubuntu4.29)
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (7.0.33-0ubuntu0.16.04.3)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):DNE
Package
Upstream:released (7.2.16)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):released (7.2.15-0ubuntu0.18.04.2)
Ubuntu 19.10 (Eoan Ermine):released (7.2.15-0ubuntu3)
Patches:
Upstream:http://git.php.net/?p=php-src.git;a=commit;h=e3133e4db70476fb7adfdedb738483e2255ce0e1
Package
Upstream:released (7.3.3)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.10 (Eoan Ermine):not-affected (7.3.4-2)
More Information

Updated: 2020-01-29 20:05:38 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)