CVE-2024-8926
Publication date 8 October 2024
Last updated 9 October 2024
Ubuntu priority
In PHP versions 8.1.* before 8.1.30, 8.2.* before 8.2.24, 8.3.* before 8.3.12, when using a certain non-standard configurations of Windows codepages, the fixes for CVE-2024-4577 https://github.com/advisories/GHSA-vxpp-6299-mxw3 may still be bypassed and the same command injection related to Windows "Best Fit" codepage behavior can be achieved. This may allow a malicious user to pass options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary PHP code on the server, etc.
Status
Package | Ubuntu Release | Status |
---|---|---|
php5 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
14.04 LTS trusty |
Not affected
|
|
php7.0 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
16.04 LTS xenial |
Not affected
|
|
php7.2 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
php7.4 | 24.04 LTS noble | Not in release |
22.04 LTS jammy | Not in release | |
20.04 LTS focal |
Not affected
|
|
php8.1 | 24.04 LTS noble | Not in release |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
php8.3 | 24.04 LTS noble |
Not affected
|
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release |