SB2024101879 - SUSE update for php7
Published: October 18, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 3 secuirty vulnerabilities.
1) Input validation error (CVE-ID: CVE-2024-8925)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient validation of user-supplied input when parsing multipart form data. A remote attacker can pass specially crafted input to the application and bypass implemented security restrictions.
2) Security features bypass (CVE-ID: CVE-2024-8927)
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to environment variable collision, which can lead to cgi.force_redirect bypass. A remote attacker can bypass implemented security restriction and gain unauthorized access to the application.
3) Insufficient Logging (CVE-ID: CVE-2024-9026)
The vulnerability allows an attacker to alter log files.
The vulnerability exists due to an unspecified error, which can lead to logs from child processes to be altered.
Remediation
Install update from vendor's website.