Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Slackware 15.0: SSA:2024-103-01 Critical: PHP Command Injection Risk

slackware
Calendar Grey April 12, 2024
Dist Slackware Esm H88
Recent software updates have been released for Slackware 15.0 and testing versions, targeting significant security vulnerabilities and improvements.
New php packages are available for Slackware 15.0 and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.28-i586-1_slack15.0.txz: Upgraded. This update fixes security issues: Command injection via array-ish $command parameter of proc_open. __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix. Password_verify can erroneously return true, opening ATO risk. For more information, see: https://www.php.net/ChangeLog-8.php#8.1.28 https://www.cve.org/CVERecord?id=CVE-2024-1874 https://www.cve.org/CVERecord?id=CVE-2024-2756 https://www.cve.org/CVERecord?id=CVE-2024-3096 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (https://osuosl.org/) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated package for Slackware 15.0:
Updated package for Slackware x86_64 15.0:
Updated package for Slackware -current:
Updated package for Slackware x86_64 -current:

MD5 Signatures

Slackware 15.0 package: 912a70b605290d9fa79ac11089f232f3 php81-8.1.28-i586-1_slack15.0.txz
Slackware x86_64 15.0 package: bbf7d8260161db99e343e17ae6c52bd9 php81-8.1.28-x86_64-1_slack15.0.txz
Slackware -current package: 598fd38d4ec67d5dd6c8913b16e5ca6f n/php-8.3.6-i586-1.txz
Slackware x86_64 -current package: 03bbdf7c6e708ce44e19740728cf2849 n/php-8.3.6-x86_64-1.txz



Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg php81-8.1.28-i586-1_slack15.0.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start

Your message here