| Package | php7.3 |
|---|---|
| Version | 7.3.31-1~deb10u8 (buster) |
| Related CVEs | CVE-2024-8925 CVE-2024-8927 |
Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language, which could result in erroneous
parsing of multipart/form-data or bypass of the cgi.force_direct
directive.
-
CVE-2024-8925: Mihail Kirov discovered an erroneous parsing of multipart form data contained in an HTTP POST request, which could lead to legitimate data not being processed thereby violating data integrity.
-
CVE-2024-8927: It was discovered that the
cgi.force_redirectconfiguration setting is bypassable due to environment variable collision.
For Debian 10 buster, these problems have been fixed in version 7.3.31-1~deb10u8.
We recommend that you upgrade your php7.3 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.