SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3733

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-3733

Security update for php7

Type: security

Severity: moderate

Issued: 2024-10-18

Description:

This update for php7 fixes the following issues:

- CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) 
- CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358) 
- CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382)

References

CVE: CVE-2024-9026
CVE: CVE-2024-8927
CVE: CVE-2024-8925
Bugzilla: 1231382 VUL-0: CVE-2024-9026: php: pollution of worker output logs in PHP-FPM
Bugzilla: 1231360 VUL-0: CVE-2024-8925: php: erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed
Bugzilla: 1231358 VUL-0: CVE-2024-8927: php: cgi.force_redirect configuration is bypassable due to an environment variable collision

Packages

php7-embed-7.4.33-150400.4.40.1