it-securitynotifies AT lists.piratenpartei.de
Betreff: Sicherheitsankündigungen
Listenarchiv
- From: Moritz Muehlenhoff <jmm AT debian.org>
- To: debian-security-announce AT lists.debian.org
- Subject: [IT-SecNots] [SECURITY] [DSA 5780-1] php8.2 security update
- Date: Wed, 2 Oct 2024 20:26:51 +0000
- Authentication-results: lists.piratenpartei.de; dkim=none; spf=none (lists.piratenpartei.de: domain of "bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org" has no SPF policy when checking 2001:41b8:202:deb:216:36ff:fe40:4002) smtp.mailfrom="bounce-debian-security-announce=it-securitynotifies=lists.piratenpartei.de AT lists.debian.org"; dmarc=none
- List-archive: https://lists.debian.org/msgid-search/Zv2si//8VOz5SLNg AT seger.debian.org
- List-id: <debian-security-announce.lists.debian.org>
- List-url: <http://lists.debian.org/debian-security-announce/>
- Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From:Date :Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=O8g6dtHpJ/k8GaUhF3SfOfZbYHbeh54x/gXHjn3i5SE=; b=Ww UWoH/euT4j/vxFS5P3/0XgD1IwdYHc/gytP5r7BTHcdKtgQRFwdjzmnhwqMYwvcdBdXYVBxYU/Ciq +yExRFedLbvpttJ3UCdV2seahtvKQkZvsk91YTXfpCpPF6MQaOLhIFJ9FfkH4ZRV3AIuyLw9npAwG tu5IkFrSGS2NjpuULjfCp/Om7XCpikzP7KXilnPP1UnwGsoleawBjUS5+cPT/c8ODP/fkNRptBmd5 3okJjCZ2fy2hPLmZaDhy9iKfOdhi6kvaYB/q8nRp8RFgJfWiCe1xC4eO4j3FwVg6obP/q9f6bvidi /c5/NL4jBPzvA4pLI4TInOj85kNP0JUw==;
- Old-return-path: <jmm AT seger.debian.org>
- Priority: urgent
- Resent-date: Wed, 2 Oct 2024 20:27:11 +0000 (UTC)
- Resent-from: debian-security-announce AT lists.debian.org
- Resent-message-id: <mVpi6XXwCgO.A.KVqP.fya_mB@bendel>
- Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-5780-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
October 02, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : php8.2
CVE ID : CVE-2024-8925 CVE-2024-8926 CVE-2024-8927
Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language which could result in incorrect
parsing of multipart/form-data, bypass of the cgi.force_direct directive
or incorrect logging.
For the stable distribution (bookworm), these problems have been fixed in
version 8.2.24-1~deb12u1.
We recommend that you upgrade your php8.2 packages.
For the detailed security status of php8.2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php8.2
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmb9q3oACgkQEMKTtsN8
TjZ4oA/+Nl36uyLTq/85ouNISRwFOBJ66HUlPr/wkb8OQHNjHZiWFRfinFlR3nzw
tIl8P8Te8NthAc/N8S87Qjq/mgtpSioVJyXQ+e+oILAubxP5BTwAMdiwPcBbeWdM
KJNMNTWdgUJvt6ds8AZm2+Cvr/utWe6R0FzxKEiHDk5EhnYZxyrh9rPYAtzq12pa
dBmy2d8PFMyCnBhdniK/vz6Icnx+qmRKChwau9YRXLh5gxxR19bTRw6yfq0xwtbG
g3Cg/0XnsB03/5iKq4QS9bsP8q9rmqjb9E1DQNBxKyneCC7iDWOpQBo7UgPJKCyV
Q+R4wu0s0I5Jz7aCMFq75FLjy1MwnhSxJ4hMPx+ouWj7J7hWGZxv+nVPzBHrB9N9
IGLeisKIMw6mH9H3rZlPZvUgirSJG/wmy5OkWgJA0hN85Xg0nheJ32ohvvvqDTdO
+eV7w89eufOB+WehBCLKCtHYtMpQ8f3FVunGKW2xZO811p3+dqgYmb8FmBb53il/
Wt7C/RLq2H+QuMjUcQZyHKJyKMmFnd4vW8Z7Jy6uJrFt/WqzvwBv56g3sZ5r+Yob
HSNuiz6h//WOG+VzKNYvuPVpQzC+KEMSFdi8CE2ldG1OAdCv+rheUj5PxkcwwPnM
OjS/JPu+5jwg6Nt59w0HiSIJBIyHjfOG+/O+F8AD1khUIFRi5CM=
=f6sC
-----END PGP SIGNATURE-----
- [IT-SecNots] [SECURITY] [DSA 5780-1] php8.2 security update, Moritz Muehlenhoff, 02.10.2024
Archiv bereitgestellt durch MHonArc 2.6.19+.