Sicherheit: Mehrere Probleme in PHP

Lesezeichen hinzufügen

--===============8111796535100144192==
Content-Type: text/plain; charset="utf-8"

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202501-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: High
Title: PHP: Multiple Vulnerabilities
Date: January 23, 2025
Bugs: #941598
ID: 202501-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in PHP, the worst of which
could lead to arbitrary code execution.

Background
==========

PHP is a widely-used general-purpose scripting language that is
especially suited for Web development and can be embedded into HTML.

Affected packages
=================

Package Vulnerable Unaffected
------------ ------------ -------------
dev-lang/php < 8.1.30:8.1 Vulnerable!
< 8.2.24:8.2 >= 8.2.24:8.2
< 8.3.12:8.3 >= 8.3.12:8.3

Description
===========

Multiple vulnerabilities have been discovered in PHP. Please review the
CVE identifiers referenced below for details.

Impact
======

Please review the referenced CVE identifiers for details.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All PHP users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/php-8.2.24:8.2"
# emerge --ask --oneshot --verbose ">=dev-lang/php-8.3.12:8.3"

Gentoo has discontinued support for php 8.1:

# emerge --ask --verbose --depclean "dev-lang/php:8.1"

References
==========

[ 1 ] CVE-2024-8925
https://nvd.nist.gov/vuln/detail/CVE-2024-8925
[ 2 ] CVE-2024-8927
https://nvd.nist.gov/vuln/detail/CVE-2024-8927
[ 3 ] CVE-2024-9026
https://nvd.nist.gov/vuln/detail/CVE-2024-9026

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202501-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2025 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5
--===============8111796535100144192==
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmeR7y8ACgkQFMQkOaVy
+9mqrhAA1jqmbtcT5dBqbNirnwUZXKIPx/C3QE6+qw+29BVsg/c8WS775DXoqAyu
qBgYrkWyTviUa+CXjqassB3pnSK9B1cMod1iTJIpI6bGdMs29ixaqbkuPjLXjoyj
qM3jKRxAobNGNZ/dSKJAjMYloYxW5gBxpqXvHmXCLYcuSdJkj4S2mH8s2dNY4e/S
GwjhTMbjj0MAlhzErYLkaxd2JCXo522eh7VcgDzhXvIGpQwBFsSpeldLjJ9nIode
3U5s4R3JVZWwi8fdXtqvpj78yzA4mi9dnb5ncD9NPET2kfus+YNmEyjRn/MDxL9O
fg/AZ4OE9god5pEFetBw5LFtCNcEJLoQf0lwqVzalKbkMV+VK4GfuJLtpUdIlt7b
e++JVf2wYXV/UQft/d4MDx1aFmTESoVtCBdH455BkaJEcoRjsKWEjc12ZPxvnJnr
ezXrNElQ2YtSrvOmICoAAtgyXapB6Mr8Bq+lQTyqooo0hafuPvvq+yYWH2pWBkR5
8bDBkCw3QbDj0dNknt/GpaB27EfKUN0Nj4ssPV/7tLfx2/Oyvwunlw6OItwvGXAw
p0mOk7vZn0fL4jYAt/lGKCl/UowfB/aog2KefrZaaOsPYkd+ypdELOz9JmzwYLGt
ebk6Wt6S8GwQCUmFKrLHausdq197N3yK/Eq5vfa6pHkU2Wctv1o=
=Wrp6
-----END PGP SIGNATURE-----

--===============8111796535100144192==--