| Package | php7.0 |
|---|---|
| Version | 7.0.33-0+deb9u19 (stretch) |
| Related CVEs | CVE-2024-8925 CVE-2024-8927 |
Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language, which could result in erroneous
parsing of multipart/form-data or bypass of the cgi.force_direct
directive.
-
CVE-2024-8925: Mihail Kirov discovered an erroneous parsing of multipart form data contained in an HTTP POST request, which could lead to legitimate data not being processed thereby violating data integrity.
-
CVE-2024-8927: It was discovered that the
cgi.force_redirectconfiguration setting is bypassable due to environment variable collision.
For Debian 9 stretch, these problems have been fixed in version 7.0.33-0+deb9u19.
We recommend that you upgrade your php7.0 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.