Overview

File _patchinfo of Package patchinfo.35978

<patchinfo incident="35978">
  <issue tracker="cve" id="2024-8925"/>
  <issue tracker="cve" id="2024-8927"/>
  <issue tracker="cve" id="2024-9026"/>
  <issue tracker="bnc" id="1231360">VUL-0: CVE-2024-8925: php: erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed</issue>
  <issue tracker="bnc" id="1231358">VUL-0: CVE-2024-8927: php: cgi.force_redirect configuration is bypassable due to an environment variable collision</issue>
  <issue tracker="bnc" id="1231382">VUL-0: CVE-2024-9026: php: pollution of worker output logs in PHP-FPM</issue>
  <packager>pgajdos</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for php7</summary>
  <description>This update for php7 fixes the following issues:

- CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) 
- CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358) 
- CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382) 
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places