[Bug 1948957] Re: CVE-2021-21703: PHP-FPM oob R/W in root process leading to privilege escalation

2022-05-27 Thread Athos Ribeiro
Since the changelog for this fix had no mention of this bug, and as per Marc's comments on https://bugs.launchpad.net/ubuntu/+source/php7.4/+bug/1953244, I am closing this as fixed. ** Changed in: php7.4 (Ubuntu) Status: In Progress => Fix Released -- You received this bug notification b

[Bug 1948957] Re: CVE-2021-21703: PHP-FPM oob R/W in root process leading to privilege escalation

2021-12-05 Thread Tom Reynolds
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21703 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1948957 Title: CVE-2021-21703: PHP-FPM oob R/W in root process leading to privil

[Bug 1948957] Re: CVE-2021-21703: PHP-FPM oob R/W in root process leading to privilege escalation

2021-12-05 Thread hanshenrik
Just installed php-fpm + nginx on a 20.04 system today (2021-12-05) which installed 7.4.3-4ubuntu2.7, which seems vulnerable, POC code still causes segfaults: https://github.com/cfreal/exploits/blob/master/php-SplDoublyLinkedList-offsetUnset/exploit.php I don't think this is fixed yet? at least

[Bug 1948957] Re: CVE-2021-21703: PHP-FPM oob R/W in root process leading to privilege escalation

2021-10-27 Thread Johannes Rohr
Hi, thanks Leonidas, you mean, the fixed packages will be out today? Great!

[Bug 1948957] Re: CVE-2021-21703: PHP-FPM oob R/W in root process leading to privilege escalation

2021-10-27 Thread Leonidas S. Barbosa
Hi Johannes, It'll be published today. Thanks ** Changed in: php7.4 (Ubuntu) Status: New => In Progress ** Changed in: php7.4 (Ubuntu) Assignee: (unassigned) => Leonidas S. Barbosa (leosilvab)

[Bug 1948957] Re: CVE-2021-21703: PHP-FPM oob R/W in root process leading to privilege escalation

2021-10-27 Thread Johannes Rohr
** Information type changed from Private Security to Public Security