CVE-2018-10545

Name	CVE-2018-10545
Description	An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, 7.1.x before 7.1.16, and 7.2.x before 7.2.4. Dumpable FPM child processes allow bypassing opcache access controls because fpm_unix.c makes a PR_SET_DUMPABLE prctl call, allowing one user (in a multiuser environment) to obtain sensitive information from the process memory of a second user's PHP applications by running gcore on the PID of the PHP-FPM worker process.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-1373-1, DLA-1397-1, DSA-4240-1

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
php5	source	wheezy	5.4.45-0+deb7u14	DLA-1373-1
php5	source	jessie	5.6.36+dfsg-0+deb8u1	DLA-1397-1
php5	source	(unstable)	(unfixed)
php7.0	source	stretch	7.0.30-0+deb9u1	DSA-4240-1
php7.0	source	(unstable)	7.0.29-1
php7.1	source	(unstable)	7.1.16-1
php7.2	source	(unstable)	7.2.4-1

Notes

Fixed in 5.6.35, 7.0.29, 7.1.16, 7.2.4
PHP Bug: https://bugs.php.net/bug.php?id=75605