RHEL-71275: php (8.0) update for low/moderate security


    • Story
    • Resolution: Done-Errata
    • Undefined
    • rhel-9.6
    • php
    • php-8.0.30-2.el9
    • rhel-stacks-web-servers
    • ssg_core_services
    • 3
    • False
    • False

      List of CVE needing backport

       

      From 8.1.31

      • CVE-2024-8929 Leak partial content of the heap through heap buffer over-read
      • CVE-2024-11234 Configuring a proxy in a stream context might allow for CRLF injection in URIs
      • CVE-2024-11233 Single byte overread with convert.quoted-printable-decode filter

      From 8.1.30

      • CVE-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision
      • CVE-2024-9026 Logs from children may be altered
      • CVE-2024-8925 Erroneous parsing of multipart form data

      From 8.1.29

      • CVE-2024-5458 Filter bypass in filter_var FILTER_VALIDATE_URL

      From 8.1.28

      • CVE-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
      • CVE-2024-3096 password_verify can erroneously return true, opening ATO risk

              Remi Collet (rcollet@redhat.com)
              Iveta Kyralova