openssl_random_pseudo_bytes() security bug and PHP packages

Asked by vinc-q

Are the official Ubuntu PHP packages patched against the openssl_random_pseudo_bytes() security bug (https://bugs.php.net/bug.php?id=70014)?

Question information

Language: English
Status: Answered
For: Ubuntu php5
Assignee: No assignee

actionparsnip (andrew-woodhead666) said :
#1

I suggest you report a bug. Mark it as a security bug and add your link in the bug.

vinc-q (vinc-q) said :
#2

I don't know if the official Ubuntu PHP packages are patched against the openssl_random_pseudo_bytes() security bug, I'm just asking :)

Manfred Hampl (m-hampl) said :
#3

When browsing the Ubuntu php5 change logs I cannot find anything.
And also the bug listing does not show anything that seems to cover that.
This seems not to have a CVE number, so it is harder to track.

http://php.net/ChangeLog-5.php shows that the vulnerability is corrected in the versions
5.6.12, 5.5.28, 5.4.44, so it might well be still affecting the Ubuntu versions (5.6.11, 5.6.4, 5.5.9 and eventually 5.3.10).

I support actionparsnip's advice to create a bug report.

vinc-q (vinc-q) said :
#4

Done!
