Gentoo alert 202501-11 (PHP)
| From: | glsamaker@gentoo.org | |
| To: | gentoo-announce@lists.gentoo.org | |
| Subject: | [gentoo-announce] [ GLSA 202501-11 ] PHP: Multiple Vulnerabilities | |
| Date: | Thu, 23 Jan 2025 07:26:39 -0000 | |
| Message-ID: | <173761720020.7.13708687953955352187@3f85d36892cf> |
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202501-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: PHP: Multiple Vulnerabilities Date: January 23, 2025 Bugs: #941598 ID: 202501-11 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been discovered in PHP, the worst of which could lead to arbitrary code execution. Background ========== PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Affected packages ================= Package Vulnerable Unaffected ------------ ------------ ------------- dev-lang/php < 8.1.30:8.1 Vulnerable! < 8.2.24:8.2 >= 8.2.24:8.2 < 8.3.12:8.3 >= 8.3.12:8.3 Description =========== Multiple vulnerabilities have been discovered in PHP. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All PHP users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/php-8.2.24:8.2" # emerge --ask --oneshot --verbose ">=dev-lang/php-8.3.12:8.3" Gentoo has discontinued support for php 8.1: # emerge --ask --verbose --depclean "dev-lang/php:8.1" References ========== [ 1 ] CVE-2024-8925 https://nvd.nist.gov/vuln/detail/CVE-2024-8925 [ 2 ] CVE-2024-8927 https://nvd.nist.gov/vuln/detail/CVE-2024-8927 [ 3 ] CVE-2024-9026 https://nvd.nist.gov/vuln/detail/CVE-2024-9026 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202501-11 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2025 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmeR7y8ACgkQFMQkOaVy +9mqrhAA1jqmbtcT5dBqbNirnwUZXKIPx/C3QE6+qw+29BVsg/c8WS775DXoqAyu qBgYrkWyTviUa+CXjqassB3pnSK9B1cMod1iTJIpI6bGdMs29ixaqbkuPjLXjoyj qM3jKRxAobNGNZ/dSKJAjMYloYxW5gBxpqXvHmXCLYcuSdJkj4S2mH8s2dNY4e/S GwjhTMbjj0MAlhzErYLkaxd2JCXo522eh7VcgDzhXvIGpQwBFsSpeldLjJ9nIode 3U5s4R3JVZWwi8fdXtqvpj78yzA4mi9dnb5ncD9NPET2kfus+YNmEyjRn/MDxL9O fg/AZ4OE9god5pEFetBw5LFtCNcEJLoQf0lwqVzalKbkMV+VK4GfuJLtpUdIlt7b e++JVf2wYXV/UQft/d4MDx1aFmTESoVtCBdH455BkaJEcoRjsKWEjc12ZPxvnJnr ezXrNElQ2YtSrvOmICoAAtgyXapB6Mr8Bq+lQTyqooo0hafuPvvq+yYWH2pWBkR5 8bDBkCw3QbDj0dNknt/GpaB27EfKUN0Nj4ssPV/7tLfx2/Oyvwunlw6OItwvGXAw p0mOk7vZn0fL4jYAt/lGKCl/UowfB/aog2KefrZaaOsPYkd+ypdELOz9JmzwYLGt ebk6Wt6S8GwQCUmFKrLHausdq197N3yK/Eq5vfa6pHkU2Wctv1o= =Wrp6 -----END PGP SIGNATURE-----