Advisories » MGASA-2024-0328

Updated php packages fix security vulnerabilities

Publication date: 11 Oct 2024
Modification date: 11 Oct 2024
Type: security
Affected Mageia releases : 9
CVE: CVE-2024-8927 , CVE-2024-9026

Description

HTTP_REDIRECT_STATUS might be controlled via user request
FPM log output might be modified by an attacker
HTTP POST can be modified by an attacker
For other bug fixes consult references
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33623
• https://www.php.net/ChangeLog-8.php#8.2.24
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8927
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9026

SRPMS

9/core

• php-8.2.24-1.mga9