UbuntuUpdates.org

Package "php8.3"

Name: php8.3

Description:

server-side, HTML-embedded scripting language (metapackage)
Latest version: 8.3.6-0ubuntu0.24.04.2
Release: noble (24.04)
Level: security
Repository: main
Homepage: http://www.php.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "php8.3"

All arch deb package
APT INSTALL

Other versions of "php8.3" in Noble

Repository Area Version
base universe 8.3.6-0maysync1
base main 8.3.6-0maysync1
security universe 8.3.6-0ubuntu0.24.04.2
updates main 8.3.6-0ubuntu0.24.04.2
updates universe 8.3.6-0ubuntu0.24.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.3.6-0ubuntu0.24.04.2 2024-10-03 15:07:06 UTC

  php8.3 (8.3.6-0ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: Erroneous parsing of multipart form data
    - debian/patches/CVE-2024-8925.patch: limit bounday size in
      main/rfc1867.c, tests/basic/*.
    - CVE-2024-8925
  * SECURITY UPDATE: cgi.force_redirect configuration can be bypassed due
    to environment variable collision
    - debian/patches/CVE-2024-8927.patch: check for REDIRECT_STATUS in
      sapi/cgi/cgi_main.c.
    - CVE-2024-8927
  * SECURITY UPDATE: Logs from childrens may be altered
    - debian/patches/CVE-2024-9026.patch: properly calculate size in
      sapi/fpm/fpm/fpm_stdio.c, sapi/fpm/tests/*.
    - CVE-2024-9026

 -- Marc Deslauriers <email address hidden> Mon, 30 Sep 2024 11:17:17 -0400
Source diff to previous version
CVE-2024-8925 Erroneous parsing of multipart form data
CVE-2024-8927 cgi.force_redirect configuration is byppassible due to the environment variable collision
CVE-2024-9026 Logs from childrens may be altered

Version: 8.3.6-0ubuntu0.24.04.1 2024-06-19 13:07:14 UTC

  php8.3 (8.3.6-0ubuntu0.24.04.1) noble-security; urgency=medium

  * SECURITY UPDATE: Invalid user information
    - debian/patches/CVE-2024-5458.patch: improves filters validation
      in ext/filter/logical_filters.c and adds test
      in ext/filter/tests/ghsa-w8qr-v226-r27w.phpt.
    - CVE-2024-5458

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 13 Jun 2024 12:23:20 -0300
CVE-2024-5458 In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when


About   -   Send Feedback to @ubuntu_updates