Package | php5 |
---|---|
Version | 5.6.40+dfsg-0+deb8u21 (jessie) |
Related CVEs | CVE-2024-8925 CVE-2024-8927 |

Multiple security issues were found in PHP, a widely-used open source general purpose scripting language, which could result in erroneous parsing of `multipart/form-data` or bypass of the `cgi.force_redirect` directive.

- CVE-2024-8925: Mihail Kirov discovered an erroneous parsing of multipart form data contained in an HTTP POST request, which could lead to legitimate data not being processed, thereby violating data integrity.
- CVE-2024-8927: It was discovered that the `cgi.force_redirect` configuration setting is bypassable due to environment variable collision.

For Debian 8 jessie, these problems have been fixed in version 5.6.40+dfsg-0+deb8u21.
We recommend that you upgrade your php5 packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.