UbuntuUpdates.org

Package "php8.3"

Name: php8.3

Description:

server-side, HTML-embedded scripting language (metapackage)

Latest version: 8.3.6-0ubuntu0.24.04.2
Release: noble (24.04)
Level: updates
Repository: main
Homepage: http://www.php.net/

Links


Download "php8.3"


Other versions of "php8.3" in Noble

Repository Area Version
base main 8.3.6-0maysync1
security main 8.3.6-0ubuntu0.24.04.2
security universe 8.3.6-0ubuntu0.24.04.2
updates universe 8.3.6-0ubuntu0.24.04.2

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.3.6-0ubuntu0.24.04.2 2024-10-01 17:07:12 UTC

  php8.3 (8.3.6-0ubuntu0.24.04.2) noble-security; urgency=medium

  * SECURITY UPDATE: Erroneous parsing of multipart form data
    - debian/patches/CVE-2024-8925.patch: limit bounday size in
      main/rfc1867.c, tests/basic/*.
    - CVE-2024-8925
  * SECURITY UPDATE: cgi.force_redirect configuration can be bypassed due
    to environment variable collision
    - debian/patches/CVE-2024-8927.patch: check for REDIRECT_STATUS in
      sapi/cgi/cgi_main.c.
    - CVE-2024-8927
  * SECURITY UPDATE: Logs from childrens may be altered
    - debian/patches/CVE-2024-9026.patch: properly calculate size in
      sapi/fpm/fpm/fpm_stdio.c, sapi/fpm/tests/*.
    - CVE-2024-9026

 -- Marc Deslauriers <email address hidden> Mon, 30 Sep 2024 11:17:17 -0400

Source diff to previous version
CVE-2024-8925 Erroneous parsing of multipart form data
CVE-2024-8927 cgi.force_redirect configuration is byppassible due to the environment variable collision
CVE-2024-9026 Logs from childrens may be altered

Version: 8.3.6-0ubuntu0.24.04.1 2024-06-19 14:07:21 UTC

  php8.3 (8.3.6-0ubuntu0.24.04.1) noble-security; urgency=medium

  * SECURITY UPDATE: Invalid user information
    - debian/patches/CVE-2024-5458.patch: improves filters validation
      in ext/filter/logical_filters.c and adds test
      in ext/filter/tests/ghsa-w8qr-v226-r27w.phpt.
    - CVE-2024-5458

 -- Leonidas Da Silva Barbosa <email address hidden> Thu, 13 Jun 2024 12:23:20 -0300

CVE-2024-5458 In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, due to a code logic error, filtering functions such as filter_var when



About   -   Send Feedback to @ubuntu_updates