openssl_random_pseudo_bytes() security bug and PHP packages

Asked by vinc-q

Are Ubuntu official PHP packages patched against openssl_random_pseudo_bytes() security bug (

Question information

English Edit question
Ubuntu php5 Edit question
No assignee Edit question
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said :

I suggest you report a bug. Mark it as a security bug and add your link in the bug.

Revision history for this message
vinc-q (vinc-q) said :

I don't know if Ubuntu official PHP packages are patched against openssl_random_pseudo_bytes() security bug, I'm just asking :)

Revision history for this message
Manfred Hampl (m-hampl) said :

When browsing the Ubuntu php5 change logs I cannot find anything.
And also the bug listing does not show anything that seems to cover that.
This seems not to have a CVE number, so it is harder to track. shows that the vulnerability is corrected in the versions
5.6.12, 5.5.28, 5.4.44, so it might well be still affecting the Ubuntu versions (5.6.11, 5.6.4, 5.5.9 and eventually 5.3.10).

I support actionparsnip's advice to create a bug report.

Revision history for this message
vinc-q (vinc-q) said :


Can you help with this problem?

Provide an answer of your own, or ask vinc-q for more information if necessary.

To post a message you must log in.