Contains only PHP security fixes and updated apache, lighttpd, curl, openssl components. No changes in Zend Server
Backported PHP CVE fixes
PHP version 7.1.33.23, 7.2.34.19, 7.3.33.11, 7.4.33.6 CVE fixes
CGI
- Fixed bug GHSA-3qgc-jrrr-25jv: Bypass of CVE-2012-1823, Argument Injection in PHP-CGI (CVE-2024-4577)
Filter
- Fixed bug GHSA-w8qr-v226-r27w: Filter bypass in filter_var FILTER_VALIDATE_URL (CVE-2024-5458)
PHP version 7.4.33.6 CVE fix
- Standard
- Fixed bug GHSA-9fcc-425m-g385: Bypass of CVE-2024-1874 (CVE-2024-5585)
- Standard
Known issues
RHEL 8 upgrade may fail with the message:
Problem: cannot install the best update candidate for package liboci8-zend-11.2.0.4-8.x86_64
This problem is related to RHEL RPM package dependency resolving, and cannot be fixed in Zend Server packaging.
Dependency package libaio
from RHEL repository does not install for unknown reasons.
Solution: Enter the following command when this error message has been displayed, and then retry the upgrade.
sudo yum install libaio-0.3.112-1.el8.i686 liboci8-zend