Hi,
This webpage is in French: https://www.cert.ssi.gouv.fr/avis/CERTFR-2024-AVI-0300/
However, with https://deepl.com it is easy:
Risk(s)
Not specified by the publisher
Execution of arbitrary code
Denial of service
Security policy bypass
Systems affected
PHP versions 8.1.x prior to 8.1.28
PHP versions 8.2.x prior to 8.2.18
PHP versions 8.3.x prior to 8.3.6
Summary
Multiple vulnerabilities have been discovered in PHP. Some of them allow an attacker to cause a security issue not specified by the vendor, arbitrary code execution and a denial of service.
Kind regards
Phil
As the links to the cve.org beta site in that French page currently lead nowhere, at least until the CVEs are published (maybe longer, as cve.org is beta and not fully functional yet), they can be looked up in the Debian security tracker. Details in the Notes sections link to the PHP security advisories:
https://security-tracker.debian.org/tra … -2024-1874
https://security-tracker.debian.org/tra … -2024-2756
https://security-tracker.debian.org/tra … -2024-3096
https://security-tracker.debian.org/tra … -2024-2757