It was discovered that PHP incorrectly handled parsing multipart form data.
A remote attacker could possibly use this issue to inject payloads and
cause PHP to ignore legitimate data. (CVE-2024-8925)
It was discovered that PHP incorrectly handled the cgi.force_redirect
configuration option due to environment variable collisions. In certain
configurations, an attacker could possibly use this issue bypass
force_redirect restrictions. (CVE-2024-8927)
It was discovered that PHP-FPM incorrectly handled logging. A remote
attacker could possibly use this issue to alter and inject arbitrary
contents into log files. This issue only affected Ubuntu 22.04 LTS, and
Ubuntu 24.04 LTS. (CVE-2024-9026)
More Stories
USN-7050-1: Devise-Two-Factor vulnerabilities
Benoit Côté-Jodoin and Michael Nipper discovered that Devise-Two-Factor incorrectly handled one-time password validation. An attacker could possibly use this issue...
USN-7022-2: Linux kernel vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This...
USN-7043-2: cups-filters vulnerability
USN-7043-1 fixed a vulnerability in cups-filters. This update provides the corresponding update for Ubuntu 18.04 LTS. Original advisory details: Simone...
USN-7003-5: Linux kernel vulnerabilities
It was discovered that the JFS file system contained an out-of-bounds read vulnerability when printing xattr debug information. A local...
webkitgtk-2.46.1-1.fc39
FEDORA-2024-e1357fc22f Packages in this update: webkitgtk-2.46.1-1.fc39 Update description: Fix login QR code not shown in WhatsApp web. Disable PSON by...
webkitgtk-2.46.1-1.fc41
FEDORA-2024-b142cc07d0 Packages in this update: webkitgtk-2.46.1-1.fc41 Update description: Fix login QR code not shown in WhatsApp web. Disable PSON by...