CVE 2018-10545
An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.
Related bugs and status
CVE-2018-10545 (Candidate) is related to these bugs:
Bug #1770184: Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.0 (Ubuntu) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.1 (Ubuntu) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.2 (Ubuntu) | Undecided | Fix Released | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php5 (Ubuntu) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php5 (Ubuntu Bionic) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.0 (Ubuntu Bionic) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.1 (Ubuntu Bionic) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.2 (Ubuntu Bionic) | Medium | Fix Released | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php5 (Ubuntu Trusty) | Medium | Fix Released | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.0 (Ubuntu Trusty) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.1 (Ubuntu Trusty) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.2 (Ubuntu Trusty) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php5 (Ubuntu Xenial) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.0 (Ubuntu Xenial) | Medium | Fix Released | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.1 (Ubuntu Xenial) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.2 (Ubuntu Xenial) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php5 (Ubuntu Cosmic) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.0 (Ubuntu Cosmic) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.1 (Ubuntu Cosmic) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.2 (Ubuntu Cosmic) | Undecided | Fix Released | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php5 (Ubuntu Artful) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.0 (Ubuntu Artful) | Undecided | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.1 (Ubuntu Artful) | Medium | Invalid | ||
| 1770184 | Security patches in 5.6.36, 7.0.30, 7.1.17 & 7.2.5 | php7.2 (Ubuntu Artful) | Undecided | Invalid | ||
Bug #1770222: [MRE] Please update to latest upstream release 7.0.30 / 7.1.17 / 7.2.5
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 1770222 | [MRE] Please update to latest upstream release 7.0.30 / 7.1.17 / 7.2.5 | php7.0 (Ubuntu) | Undecided | New | ||
See the 
CVE page on Mitre.org
for more details.
