Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Fedora 41: 2024-a03b06dbd0 critical: php parameter injection

fedora
Calendar Grey October 2, 2024
Dist Fedora Esm H88
Essential enhancements for PHP in Fedora 41 tackling several security vulnerabilities with crucial fixes.
PHP version 8.3.12 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability)

Summary

PHP is an HTML-embedded scripting language. PHP attempts to make it

easy for developers to write dynamically generated web pages. PHP also

offers built-in database integration for several commercial and

non-commercial database management systems, so writing a

database-enabled webpage with PHP is fairly simple. The most common

use of PHP coding is probably as a replacement for CGI scripts.

Update Information:

PHP version 8.3.12 (26 Sep 2024) CGI: Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter Injection Vulnerability). (CVE-2024-8926) (nielsdos) Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is bypassable due to the environment variable collision). (CVE-2024-8927) (nielsdos) Core: Fixed bug GH-15408 (MSan false-positve on zend_max_execution_timer). (zeriyoshi) Fixed bug GH-15515 (Configure error grep illegal option q). (Peter Kokot) Fixed bug GH-15514 (Configure error: genif.sh: syntax error). (Peter Kokot) Fixed bug GH-15565 (--disable-ipv6 during compilation produces error EAI_SYSTEM not found). (nielsdos) Fixed bug GH-15587 (CRC32 API build error on arm 32-bit). (Bernd Kuhls, Thomas Petazzoni) Fixed bug GH-15330 (Do not scan generator frames more than once). (Arnaud) Fixed uninitialized lineno in constant AST of internal enums. (ilutov) Curl: FIxed bug GH-15547 (curl_multi_select overflow on timeout argument). (David Carlier) DOM: ...

Topics%20covered

Topics Covered

security advisory update critical Fedora php DoS parameter injection

Change Log

* Wed Sep 25 2024 Remi Collet - 8.3.12-1 - Update to 8.3.12 - http://www.php.net/releases/8_3_12.php * Wed Sep 11 2024 Remi Collet - 8.3.12~RC1-2 - enable command history in phpdbg * Tue Sep 10 2024 Remi Collet - 8.3.12~RC1-1 - update to 8.3.12RC1

References

Fedora Update Notification FEDORA-2024-a03b06dbd0 2024-10-02 01:30:51.688919 Name : php Product : Fedora 41 Version : 8.3.12 Release : 1.fc41 URL : http://www.php.net/ Summary : PHP scripting language for creating dynamic web sites Description : PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-a03b06dbd0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: php
Product: Fedora 41
Version: 8.3.12
Release: 1.fc41
URL: http://www.php.net/
Summary: PHP scripting language for creating dynamic web sites

Topics%20covered

Topics Covered

security advisory update critical Fedora php DoS parameter injection

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here