====================================================================
                            CERT-Renater

              Information Note No. 2024/VULN401
_____________________________________________________________________

DATE                 : 03/10/2024

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running PHP versions prior to 8.3.12,
                       8.2.24, 8.1.30.

=====================================================================
https://www.php.net/ChangeLog-8.php#8.2.24
https://www.php.net/ChangeLog-8.php#8.3.12
https://www.php.net/ChangeLog-8.php#8.1.30
_____________________________________________________________________

Version 8.2.24
26 Sep 2024

CGI:
    Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter
      Injection Vulnerability). (CVE-2024-8926)
    Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
      bypassable due to the environment variable collision).
      (CVE-2024-8927)

Core:
    Fixed bug GH-15408 (MSan false-positive on
      zend_max_execution_timer).
    Fixed bug GH-15515 (Configure error grep illegal option q).
    Fixed bug GH-15514 (Configure error: genif.sh: syntax error).
    Fixed bug GH-15565 (--disable-ipv6 during compilation produces
      error EAI_SYSTEM not found).
    Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
    Fixed bug GH-15330 (Do not scan generator frames more than once).
    Fixed uninitialized lineno in constant AST of internal enums.

Curl:
    Fixed bug GH-15547 (curl_multi_select overflow on timeout
      argument).

DOM:
    Fixed bug GH-15551 (Segmentation fault (access null pointer) in
      ext/dom/xml_common.h).

Fileinfo:
    Fixed bug GH-15752 (Incorrect error message for finfo_file with an
      empty filename argument).

FPM:
    Fixed bug GHSA-865w-9rf3-2wh5 (Logs from children may be altered).
      (CVE-2024-9026)

MySQLnd:
    Fixed bug GH-15432 (Heap corruption when querying a vector).

Opcache:
    Fixed bug GH-15661 (Access null pointer in
      Zend/Optimizer/zend_inference.c).
    Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h).

SAPI:
    Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form
      data). (CVE-2024-8925)

SOAP:
    Fixed bug #73182 (PHP SOAPClient does not support stream context
      HTTP headers in array form).

Standard:
    Fixed bug GH-15552 (Signed integer overflow in
      ext/standard/scanf.c).

Streams:
    Fixed bug GH-15628 (php_stream_memory_get_buffer() not
      zero-terminated).

_____________________________________________________________________

Version 8.3.12
26 Sep 2024

CGI:
    Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter
      Injection Vulnerability). (CVE-2024-8926)
    Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
      bypassable due to the environment variable collision).
      (CVE-2024-8927)

Core:
    Fixed bug GH-15408 (MSan false-positive on
      zend_max_execution_timer).
    Fixed bug GH-15515 (Configure error grep illegal option q).
    Fixed bug GH-15514 (Configure error: genif.sh: syntax error).
    Fixed bug GH-15565 (--disable-ipv6 during compilation produces
      error EAI_SYSTEM not found).
    Fixed bug GH-15587 (CRC32 API build error on arm 32-bit).
    Fixed bug GH-15330 (Do not scan generator frames more than once).
    Fixed uninitialized lineno in constant AST of internal enums.

Curl:
    Fixed bug GH-15547 (curl_multi_select overflow on timeout
      argument).

DOM:
    Fixed bug GH-15551 (Segmentation fault (access null pointer) in
      ext/dom/xml_common.h).
    Fixed bug GH-15654 (Signed integer overflow in
      ext/dom/nodelist.c).

Fileinfo:
    Fixed bug GH-15752 (Incorrect error message for finfo_file with an
      empty filename argument).

FPM:
    Fixed bug GHSA-865w-9rf3-2wh5 (Logs from children may be altered).
      (CVE-2024-9026)

MySQLnd:
    Fixed bug GH-15432 (Heap corruption when querying a vector).

Opcache:
    Fixed bug GH-15661 (Access null pointer in
      Zend/Optimizer/zend_inference.c).
    Fixed bug GH-15658 (Segmentation fault in Zend/zend_vm_execute.h).

SAPI:
    Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form
      data). (CVE-2024-8925)

Standard:
    Fixed bug GH-15552 (Signed integer overflow in
      ext/standard/scanf.c).

Streams:
    Fixed bug GH-15628 (php_stream_memory_get_buffer() not
      zero-terminated).

_____________________________________________________________________

Version 8.1.30
26 Sep 2024

CGI:
    Fixed bug GHSA-p99j-rfp4-xqvq (Bypass of CVE-2024-4577, Parameter
      Injection Vulnerability). (CVE-2024-8926)
    Fixed bug GHSA-94p6-54jq-9mwp (cgi.force_redirect configuration is
      bypassable due to the environment variable collision).
      (CVE-2024-8927)

FPM:
    Fixed bug GHSA-865w-9rf3-2wh5 (Logs from children may be altered).
      (CVE-2024-9026)

SAPI:
    Fixed bug GHSA-9pqp-7h25-4f32 (Erroneous parsing of multipart form
      data). (CVE-2024-8925)

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |  email:cert@support.renater.fr  +
=========================================================