
Ondřej Surý has released updated PHP packages for Debian GNU/Linux users, including versions from 5.6 to 8.5, addressing security issues across multiple versions. The updates fix three vulnerabilities: command injection via proc_open, CVE-2024-1874; a cookie bypass attack related to CVE-2022-31629 and patched as CVE-2024-2756; and an issue with PHP's password verification function. To add the repository to your Debian installation, you can use a provided script that installs necessary dependencies and configures the repository. Further details on the packages and bug tracker are available at deb.sury.org.





PHP 8.5.1, PHP 8.4.16, 8.3.29, 8.2.30, 8.1.34 Debian packages released

Ondřej Surý has released the latest PHP packages for Debian GNU/Linux users. The updates include PHP 8.5.1, PHP 8.4.16, 8.3.29, 8.2.30, 8.1.34, 8.0.30-18, 7.4.33-24, 7.3.33-28, 7.2.34-59, 7.1.33-72, 7.0.33-84, and 5.6.40-90 for Debian 11 (Bullseye) LTS, Debian 12 (Bookworm), and Debian 13 (Trixie).


These fixes address three security issues across different PHP versions:

First, a vulnerability in the proc_open function could allow command injection if an attacker controlled the $command parameter. The updates include a fix for it; the issue is tracked as CVE-2024-1874.

Second, a cookie bypass attack targeting a security gap in older code related to CVE-2022-31629, patched as CVE-2024-2756.

Finally, the updates address an issue in PHP's password verification function, which could sometimes incorrectly flag valid passwords, a security risk that needed a fix.

To add the repository to your Debian installation:

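# To add this repository please do:

# Use sudo only when not already running as root.
if [ "$(whoami)" != "root" ]; then
    SUDO=sudo
fi

# Install the tools the following steps rely on.
${SUDO} apt-get -y install apt-transport-https lsb-release ca-certificates curl
# Fetch the repository signing key with curl, installed in the previous step.
${SUDO} curl -fsSLo /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
# Register the repository for the running Debian release, then refresh the index.
${SUDO} sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
${SUDO} apt-get update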
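
To confirm that a host has picked up these releases after upgrading, the check below compares a package version against the release listed in this announcement for its branch. It is an added example, not part of the original post or of deb.sury.org; the function names and the sample version strings are constructed, and it assumes GNU sort -V and version strings that start with the upstream version.

```shell
#!/bin/sh
# Added example: is a PHP package at or above the release listed in this
# announcement for its branch? Function names here are hypothetical.

# Print the listed release for a major.minor branch; fail if not listed.
fixed_for_branch() {
    case "$1" in
        8.5) echo 8.5.1 ;;      8.4) echo 8.4.16 ;;
        8.3) echo 8.3.29 ;;     8.2) echo 8.2.30 ;;
        8.1) echo 8.1.34 ;;     8.0) echo 8.0.30-18 ;;
        7.4) echo 7.4.33-24 ;;  7.3) echo 7.3.33-28 ;;
        7.2) echo 7.2.34-59 ;;  7.1) echo 7.1.33-72 ;;
        7.0) echo 7.0.33-84 ;;  5.6) echo 5.6.40-90 ;;
        *) return 1 ;;
    esac
}

# Print "patched", "outdated" or "unknown" for one package version string.
php_fix_status() {
    v=${1#*:}        # drop an epoch such as "2:" if present
    v=${v%%+*}       # drop the build suffix after the first "+"
    branch=$(printf '%s\n' "$v" | cut -d. -f1,2)
    fixed=$(fixed_for_branch "$branch") || { echo unknown; return 0; }
    # sort -V (GNU coreutils) orders version strings; the lower one comes first.
    lowest=$(printf '%s\n%s\n' "$fixed" "$v" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then echo patched; else echo outdated; fi
}

# Constructed sample input in "package version" form. On a real host the same
# two columns come from: dpkg-query -W -f='${Package} ${Version}\n' 'php*-common'
samples='php8.3-common 8.3.29-1+0~20251218.1+debian12~1
php8.2-common 8.2.29-1+0~20250703.1+debian12~1
php7.4-common 7.4.33-24+0~20251218.1+debian12~1
php8.0-common 8.0.30-17+0~20250703.1+debian12~1'

printf '%s\n' "$samples" | while read -r pkg ver; do
    printf '%-15s %-45s %s\n' "$pkg" "$ver" "$(php_fix_status "$ver")"
done
```

Anything reported as outdated is still below the release named above for that branch; unknown means the branch is not in this announcement's list.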

For further details, please refer to the deb.sury.org website. A dedicated bug tracker for the packages can be accessed here.