| Summary: | CVE-2015-8878 php: main/php_open_temporary_file.c does not ensure thread safety | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abhgupta, dmcphers, fedora, hhorak, jialiu, jokerman, jorton, kseifried, lmeyer, mmccomas, rcollet, tiwillia, webstack-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | php 5.5.28, php 5.6.12 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-06-01 13:53:57 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Bug Depends On: | 1338927 | ||
| Bug Blocks: | Embargoed1338914 | ||
|
Description
Andrej Nemec
2016-05-23 15:18:36 UTC
Created php tracking bugs for this issue: Affects: fedora-all [bug 1338927] Upstream identified that this problem was introduced via the following change: https://bugs.php.net/bug.php?id=66048 http://git.php.net/?p=php-src.git;a=commitdiff;h=c117548ea9365adac00960fe5f43425b2955310d in versions 5.5.26 and 5.6.10. Issue was corrected by this patch: http://git.php.net/?p=php-src.git;a=commitdiff;h=ce5c4500cd942ab85efa1e916ef00de860be9e6e in versions 5.5.28 and 5.6.12. No Red Hat product included affected versions. |