SUSE: 2024:3664-1 Moderate: PHP8 HTTP POST Configuration Issue

October 16, 2024
Security update for php8 from SUSE fixes multiple issues including severe configuration flaws. Stay updated on improvements!

Summary

This update for php8 fixes the following issues:

* CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360)

* CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358)

* CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch SUSE-2024-3664=1

* openSUSE Leap 15.5
  zypper in -t patch openSUSE-SLE-15.5-2024-3664=1

* Web and Scripting Module 15-SP5

References

* bsc#1231358

* bsc#1231360

* bsc#1231382

Cross-References:

* CVE-2024-8925

* CVE-2024-8927

* CVE-2024-9026

CVSS scores:

* CVE-2024-8925 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2024-8925 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

* CVE-2024-8925 ( NVD ): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

* CVE-2024-8927 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2024-8927 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

* CVE-2024-8927 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2024-9026 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2024-9026 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Announcement ID: SUSE-SU-2024:3664-1
Release Date: 2024-10-16T14:28:54Z
Rating: moderate
