The Slackware Linux Project: Mailing List Info

Mailing List Info

News
Security Advisories
FAQ
Book
General Info
Get Slack
Install Help
Configuration
Packages
ChangeLogs
Propaganda
Ports
Other Sites
Support
Contact

Mailing Lists
Archives

About

From: Slackware Security Team <security@slackware.com>
To: slackware-security@slackware.com
Subject: [slackware-security] php81 (SSA:2024-297-01)
Date: Wed, 23 Oct 2024 12:42:15 -0700 (PDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  php81 (SSA:2024-297-01)

New php81 packages are available for Slackware 15.0 to fix security issues.


Here are the details from the Slackware 15.0 ChangeLog:
+--------------------------+
extra/php81/php81-8.1.30-i586-1_slack15.0.txz:  Upgraded.
  This update fixes bugs and security issues:
  Bypass of CVE-2024-4577, Parameter Injection Vulnerability.
  cgi.force_redirect configuration is bypassable due to the environment
  variable collision.
  Logs from childrens may be altered.
  Erroneous parsing of multipart form data.
  For more information, see:
    https://www.php.net/ChangeLog-8.php#8.1.30
    https://www.cve.org/CVERecord?id=CVE-2024-8926
    https://www.cve.org/CVERecord?id=CVE-2024-8927
    https://www.cve.org/CVERecord?id=CVE-2024-9026
    https://www.cve.org/CVERecord?id=CVE-2024-8925
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://slackware.com for
additional mirror sites near you.

Updated packages for Slackware 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware-15.0/extra/php81/php81-8.1.30-i586-1_slack15.0.txz

Updated packages for Slackware x86_64 15.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/extra/php81/php81-8.1.30-x86_64-1_slack15.0.txz


MD5 signatures:
+-------------+

Slackware 15.0 packages:
f5f02a4d41face4db9f0aa8e2a09c436  php81-8.1.30-i586-1_slack15.0.txz

Slackware x86_64 15.0 packages:
7487a753cfebb64142474e278c703908  php81-8.1.30-x86_64-1_slack15.0.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg php81-8.1.30-i586-1_slack15.0.txz

Then, restart Apache httpd:
# /etc/rc.d/rc.httpd stop
# /etc/rc.d/rc.httpd start


+-----+

Slackware Linux Security Team
http://slackware.com/gpg-key
security@slackware.com

+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process.  Please do not reply to this email address.      |
+------------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQTsVknaQB4iq/pnNu9qRGPAQBAiMwUCZxlP4wAKCRBqRGPAQBAi
MyU7AJ46Qvogrobj8E+TvMCELOQH8aBWiQCfSzfSsif7HR/iqqr2BG9pV7KahhE=
=BHWZ
-----END PGP SIGNATURE-----

Slackware™ is a trademark of Patrick Volkerding.