Bug 1652716 (CVE-2018-19396)
| Summary: | CVE-2018-19396 php: Serializing or unserializing COM objects crashes | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | | |
| Severity: | low | | |
| Priority: | low | | |
| Version: | unspecified | CC: | fedora, hhorak, jorton, rcollet, webstack-team |
| Keywords: | Security | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Last Closed: | 2018-11-26 22:10:16 UTC | | |
| Bug Blocks: | 1652717 | | |

Description
Pedro Sampaio
2018-11-22 17:21:25 UTC
Notice: This issue is about serialization, so not considered as a security issue.
See warning on http://php.net/manual/en/function.unserialize.php
COM extension is Windows only.

Upstream commit:
http://git.php.net/?p=php-src.git;a=commitdiff;h=115ee49b0be12e3df7d2c7027609fbe1a1297e42

As noted in the previous comment, this only affects COM extension that is only available for Windows versions of PHP and hence this does not affect any Red Hat shipped PHP packages.