Multiple vulnerabilities have been found in PHP. A remote attacker could exploit the vulnerabilities via specially crafted requests.
Reports indicate that there is elevated risk of cyber attacks on vulnerable systems. Please prioritise to patch the affected systems
A successful attack could lead to arbitrary code execution, denial of service and take control of an affected system.
The product vendor has released new versions to address the issues and they can be downloaded at the following URL:
http://php.net/downloads.php
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.
http://www.php.net/ChangeLog-5.php#5.6.36
http://www.php.net/ChangeLog-7.php#7.0.30
http://www.php.net/ChangeLog-7.php#7.1.17
http://www.php.net/ChangeLog-7.php#7.2.5
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-php-could-allow-for-arbitrary-code-execution_2018-046/
https://www.hkcert.org/my_url/en/alert/18043001
https://www.us-cert.gov/ncas/current-activity/2018/04/27/MS-ISAC-Releases-Advisory-PHP-Vulnerabilities
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10546 (to CVE-2018-10549)