SUSE-CU-2024:5246-1: Security update of bci/php

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Mon Oct 21 07:05:10 UTC 2024 

SUSE Container Update Advisory: bci/php
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:5246-1
Container Tags        : bci/php:8 , bci/php:8-44.6 , bci/php:8.2.24 , bci/php:8.2.24-44.6 , bci/php:latest
Container Release     : 44.6
Severity              : moderate
Type                  : security
References            : 1231051 1231358 1231360 1231382 CVE-2024-8925 CVE-2024-8927 CVE-2024-9026
-----------------------------------------------------------------

The container bci/php was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2024:3726-1
Released:    Fri Oct 18 11:56:40 2024
Summary:     Recommended update for glibc
Type:        recommended
Severity:    moderate
References:  1231051
This update for glibc fixes the following issue:

- Apply libc_nonshared.a workaround on s390x and ppc64le architectures (bsc#1231051).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:3729-1
Released:    Fri Oct 18 15:22:50 2024
Summary:     Security update for php8
Type:        security
Severity:    moderate
References:  1231358,1231360,1231382,CVE-2024-8925,CVE-2024-8927,CVE-2024-9026
This update for php8 fixes the following issues:
    
Update to php 8.2.24:

- CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) 
- CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358) 
- CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382) 
 


The following package changes have been done:

- glibc-2.38-150600.14.14.2 updated
- php8-cli-8.2.24-150600.3.6.1 updated
- php8-8.2.24-150600.3.6.1 updated
- php8-openssl-8.2.24-150600.3.6.1 updated
- php8-mbstring-8.2.24-150600.3.6.1 updated
- php8-zlib-8.2.24-150600.3.6.1 updated
- php8-readline-8.2.24-150600.3.6.1 updated
- php8-curl-8.2.24-150600.3.6.1 updated
- php8-phar-8.2.24-150600.3.6.1 updated
- php8-zip-8.2.24-150600.3.6.1 updated
- container:registry.suse.com-bci-bci-base-15.6-8bd5b3d24a4bbf4607011ee557020c44a59b1199c2ad252a4cba3c6cebdabaaf-0 updated

More information about the sle-container-updates mailing list