Azure Linux 3.0 Security Update: php (CVE-2024-9026)

The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9026 advisory. - In PHP versions 8.1. before 8.1.30, 8.2. before 8.2.24, 8.3. before 8.3.12, when using PHP-FPM SAPI and it is...

php: underflow in env_path_info in fpm_main.c

In PHP versions 7.1.x below 7.1.33, 7.2.x below 7.2.24 and 7.3.x below 7.3.11 in certain configurations of FPM setup it is possible to cause FPM module to write past allocated buffers into the space reserved for FCGI protocol data, thus opening the possibility of remote code execution...

Internet Bug Bounty: PHP-FPM fpm_log.c memory leak and buffer overflow

The FastCGI Process Manager FPM SAPI of PHP was vulnerable to memory leak and buffer overflow in the access logging feature. PHP-FPM offers customization of the access log lines based on format string variables which can be specified with the access.format option of the FPM configuration file. Th...

SUSE-SU-2015:1253-2 Security update for php5

This security update of PHP fixes the following issues: Security issues fixed: CVE-2015-4024 bnc931421: Fixed multipart/form-data remote DOS Vulnerability. CVE-2015-4026 bnc931776: pcntlexec did not check path validity. CVE-2015-4022 bnc931772: Fixed and overflow in ftpgenlist that resulted in a...