Alerts This Week
Warning Icon 1 697
Alerts This Week
Warning Icon 1 697

Fedora 39: FEDORA-2024-7c800c4df7 Critical: PHP Injection Bypass

fedora
Calendar Grey October 4, 2024
Dist Fedora Esm H88
Fedora 39 implements vital security patches for PHP, tackling various injection risks and misconfiguration issues.
PHP version 8.2.24 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability)

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

Update Information:

PHP version 8.2.24 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) (nielsdos) Core: Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer). (zeriyoshi) Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot) Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot) Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). (nielsdos) Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). (Bernd Kuhls, Thomas Petazzoni) Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud) Fixed uninitialized lineno in constant AST of internal enums. (ilutov) Curl: FIxed bug GH-15547 (curl_multi_select overflow on timeout argument). (David Carlier) DOM: ...

Topics%20covered

Topics Covered

security advisory critical Fedora php CGI bypass parameter injection

Change Log

* Wed Sep 25 2024 Remi Collet - 8.2.24-1 - Update to 8.2.24 - http://www.php.net/releases/8_2_24.php

References

Fedora Update Notification FEDORA-2024-7c800c4df7 2024-10-04 01:50:53.151752 Name : php Product : Fedora 39 Version : 8.2.24 Release : 1.fc39 URL : http://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-7c800c4df7' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php
Product: Fedora 39
Version: 8.2.24
Release: 1.fc39
URL: http://www.php.net/
Summary: PHP scripting language for creating dynamic web sites

Topics%20covered

Topics Covered

security advisory critical Fedora php CGI bypass parameter injection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here