Vulnerability Scan Report for registry.suse.com/bci/php-fpm:8.2.20
PHP-FPM 8 container based on the SLE Base Container Image.
registry.suse.com/bci/php-fpm:8.2.20
Last scanned on: March 03, 2025 00:01
PHP-FPM 8 container based on the SLE Base Container Image.
Last scanned on: March 03, 2025 00:01
| Package Name | Severity | Status | Description | Reference links | |
|---|---|---|---|---|---|
| php8 | MEDIUM | fixed |
Security update for php8 Vulnerability ID: SUSE-SU-2024:3729-1 Installed Version: 8.2.20-150600.3.3.1 Fixed Version: 8.2.24-150600.3.6.1 This update for php8 fixes the following issues: Update to php 8.2.24: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) - CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358) - CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382) |
||
| php8 | MEDIUM | fixed |
Security update for php8 Vulnerability ID: SUSE-SU-2024:4136-1 Installed Version: 8.2.20-150600.3.3.1 Fixed Version: 8.2.26-150600.3.9.1 This update for php8 fixes the following issues: - CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter (bsc#1233702). - CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs (bsc#1233703). - CVE-2024-8929: Leak partial content of the heap through heap buffer over-read (bsc#1233651). |
||
| php8-cli | MEDIUM | fixed |
Security update for php8 Vulnerability ID: SUSE-SU-2024:3729-1 Installed Version: 8.2.20-150600.3.3.1 Fixed Version: 8.2.24-150600.3.6.1 This update for php8 fixes the following issues: Update to php 8.2.24: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) - CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358) - CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382) |
||
| php8-cli | MEDIUM | fixed |
Security update for php8 Vulnerability ID: SUSE-SU-2024:4136-1 Installed Version: 8.2.20-150600.3.3.1 Fixed Version: 8.2.26-150600.3.9.1 This update for php8 fixes the following issues: - CVE-2024-11233: Single byte overread with convert.quoted-printable-decode filter (bsc#1233702). - CVE-2024-11234: Configuring a proxy in a stream context might allow for CRLF injection in URIs (bsc#1233703). - CVE-2024-8929: Leak partial content of the heap through heap buffer over-read (bsc#1233651). |
||
| php8-curl | MEDIUM | fixed |
Security update for php8 Vulnerability ID: SUSE-SU-2024:3729-1 Installed Version: 8.2.20-150600.3.3.1 Fixed Version: 8.2.24-150600.3.6.1 This update for php8 fixes the following issues: Update to php 8.2.24: - CVE-2024-8925: Fixed erroneous parsing of multipart form data in HTTP POST requests leads to legitimate data not being processed (bsc#1231360) - CVE-2024-8927: Fixed cgi.force_redirect configuration is bypassable due to an environment variable collision (bsc#1231358) - CVE-2024-9026: Fixed pollution of worker output logs in PHP-FPM (bsc#1231382) |
||