• [SECURITY] [DSA 5660-1] php7.4 security update

    From Moritz Muehlenhoff@21:1/5 to All on Mon Apr 15 21:30:01 2024
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-5660-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff
    April 15, 2024 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : php7.4
    CVE ID : CVE-2023-3823 CVE-2023-3824 CVE-2024-2756 CVE-2024-3096

    Multiple security issues were found in PHP, a widely-used open source
    general purpose scripting language which could result in secure cookie
    bypass, XXE attacks or incorrect validation of password hashes.

    For the oldstable distribution (bullseye), these problems have been fixed
    in version 7.4.33-1+deb11u5.

    We recommend that you upgrade your php7.4 packages.

    For the detailed security status of php7.4 please refer to
    its security tracker page at: https://security-tracker.debian.org/tracker/php7.4

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: debian-security-announce@lists.debian.org
    -----BEGIN PGP SIGNATURE-----

    iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmYdfYIACgkQEMKTtsN8 Tjavcw//TgnidCQ8c0hut2Ni6PP87fZH1uZZM+gAjUxS46UpNjsDtlu9WwXAxH09 +uq0tg/dvKQLkC5W5gnUBiYhiOVoo9U75QP8oK2EYXyswXuEsb9tUhI/hEYr7KYa NHPRbSxZoowi6hKpXXpjoXc/+J9nghykSL9WeADJw4qP6QTclN274IfSujpmx6z+ YqApbtW8wzACmHpdvXfCge09NHiN0Z/U8mpd99JBNIYGJGaSDmGNrnGMzBhOms+P TCqQQZPWgWh4RlggNSlslEadGN1huf1KpdHlPvSEfRavmzloX1Vt+XUrJM47nkD3 y6y5TtckhGm7horXlskSovkNQZoa5G8NhAT1trzhfP07QJWJBrcc8MZzJQYiwlqZ Af/zY8/UcusrJj3Y8BdkfbdWb69PA6sC2qTDuj48p7adgYBZ5YOwmrC4dcwdRd9l aGqnZAhk1htX19Gzt1gYL2wDPMU+2x+F0rbemXGS6UwRmrkSlTiWVka+T5y+JpC8 lLXFR2dwF2KAdUK4dWPd5QUrNb0Tk9dBcEZuyLRevindp7gCKLx/1y/RsrNxT8b1 yW5yUp9jtePFa83+jNyojvURlC0SAgTcwEUhltob4vsTAccZZSza3cxOlqzC7ysN d0TKz20rTZFKreygYyIXfmHHaWoYbiK5IEy1ogOVho9SXUYJ7Mc=
    =ZcwU
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)