ELSA-2025-7431

Описание

[8.0.30-3]

• Fix libxml streams use wrong content-type header when requesting a redirected resource CVE-2025-1219
• Fix Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736
• Fix Stream HTTP wrapper truncate redirect location to 1024 bytes CVE-2025-1861
• Fix Streams HTTP wrapper does not fail for headers without colon CVE-2025-1734
• Fix Header parser of http stream wrapper does not handle folded headers CVE-2025-1217

[8.0.30-2]

• Fix Leak partial content of the heap through heap buffer over-read CVE-2024-8929
• Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234
• Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233
• Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927
• Fix Logs from childrens may be altered CVE-2024-9026
• Fix Erroneous parsing of multipart form data CVE-2024-8925
• Fix filter bypass in filter_var FILTER_VALIDATE_URL CVE-2024-5458
• Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756
• Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096

[8.0.30-1]

• rebase to 8.0.30
• Resolves: RHEL-11946