-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  php (SSA:2024-158-01)

New php packages are available for Slackware 15.0 and -current to
fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
extra/php81/php81-8.1.29-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Bypass of CVE-2012-1823, Argument Injection in PHP-CGI.
  Filter bypass in filter_var FILTER_VALIDATE_URL.
  Bypass of CVE-2024-1874.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.29
    https://www.cve.org/CVERecord?id=CVE-2024-4577
    https://www.cve.org/CVERecord?id=CVE-2024-5458
    https://www.cve.org/CVERecord?id=CVE-2024-5585
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php81/php81-8.1.29-i586-1_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php81/php81-8.1.29-x86_64-1_slack15.0.txz

Updated packages for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-8.3.8-i586-1.txz

Updated packages for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-8.3.8-x86_64-1.txz


MD5 signatures:
+-------------+

Slackware 15.0 packages:
95dbbe4964914965daee9e2a9054468a  php81-8.1.29-i586-1_slack15.0.txz

Slackware x86_64 15.0 packages:
1b4180c21741b76737747a63c7b4efd2  php81-8.1.29-x86_64-1_slack15.0.txz

Slackware -current packages:
7564660d8b941b3870b7274e6668bdf0  n/php-8.3.8-i586-1.txz

Slackware x86_64 -current packages:
d7e786bdd83d3c8fa3c0964e2f43eae1  n/php-8.3.8-x86_64-1.txz




Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg php81-8.1.29-i586-1_slack15.0.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start


+-----+

Slackware: 2024-158-01: php Security Advisory Update

June 6, 2024
New php packages are available for Slackware 15.0 and -current to fix security issues

Summary

Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.29-i586-1_slack15.0.txz: Upgraded. This update fixes bugs and security issues: Bypass of CVE-2012-1823, Argument Injection in PHP-CGI. Filter bypass in filter_var FILTER_VALIDATE_URL. Bypass of CVE-2024-1874. For more information, see: https://www.php.net/ChangeLog-8.php#8.1.29 https://www.cve.org/CVERecord?id=CVE-2024-4577 https://www.cve.org/CVERecord?id=CVE-2024-5458 https://www.cve.org/CVERecord?id=CVE-2024-5585 (* Security fix *)

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated packages for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php81/php81-8.1.29-i586-1_slack15.0.txz
Updated packages for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php81/php81-8.1.29-x86_64-1_slack15.0.txz
Updated packages for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/php-8.3.8-i586-1.txz
Updated packages for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/php-8.3.8-x86_64-1.txz

MD5 Signatures

Slackware 15.0 packages: 95dbbe4964914965daee9e2a9054468a php81-8.1.29-i586-1_slack15.0.txz
Slackware x86_64 15.0 packages: 1b4180c21741b76737747a63c7b4efd2 php81-8.1.29-x86_64-1_slack15.0.txz
Slackware -current packages: 7564660d8b941b3870b7274e6668bdf0 n/php-8.3.8-i586-1.txz
Slackware x86_64 -current packages: d7e786bdd83d3c8fa3c0964e2f43eae1 n/php-8.3.8-x86_64-1.txz



Severity
[slackware-security] php (SSA:2024-158-01)
New php packages are available for Slackware 15.0 and -current to fix security issues.

Installation Instructions

Installation instructions: Upgrade the package as root: # upgradepkg php81-8.1.29-i586-1_slack15.0.txz Then, restart Apache httpd: # /etc/rc.d/rc.httpd stop # /etc/rc.d/rc.httpd start

Related News

8.Locks HexConnections CodeGlobe Esm H170
2 - 4 min read
Canonical has made headlines with its groundbreaking long-term support (LTS) service offering to extend far beyond Ubuntu deb packages, promising 12
14.Lock Code WorldMap Esm H170
2 - 4 min read
Government agencies are drawing attention to an issue plaguing open-source communities: memory-unsafe languages. A study entitled " Exploring Memory
11.Locks IsometricPattern Esm H170
2 - 3 min read
Cybersecurity threats continue to emerge regularly, and Promon's security team recently identified one such novel threat, Snowblind. This malware
32.Lock Code Circular Esm H170
2 - 4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its
6.EmailConnection Touch Esm H170
2 - 3 min read
Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and
20.Lock AbstractDigital Circular Esm H170
2 - 3 min read
Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other
20.Lock AbstractDigital Circular Esm H170
2 - 4 min read
The recent discovery of a backdoor in Linux's xz compression tool has shed light on cybercriminals' ingenious methods of gaining entry and remaining
19.Laptop Bed Esm H170
2 - 4 min read
Wordfence security researchers recently shed light on an infamous supply chain attack that may have affected as many as 36,000 WordPress websites.

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved