RLSA-2025:7431

Опубликовано: 04 окт. 2025

Источник: rocky

Оценка: Moderate

Описание

Moderate: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)
php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)
php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)
php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)
php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 9

Наименование	Архитектура	Релиз	RPM
php	x86_64	3.el9_6	php-8.0.30-3.el9_6.x86_64.rpm
php-bcmath	x86_64	3.el9_6	php-bcmath-8.0.30-3.el9_6.x86_64.rpm
php-cli	x86_64	3.el9_6	php-cli-8.0.30-3.el9_6.x86_64.rpm
php-common	x86_64	3.el9_6	php-common-8.0.30-3.el9_6.x86_64.rpm
php-dba	x86_64	3.el9_6	php-dba-8.0.30-3.el9_6.x86_64.rpm
php-dbg	x86_64	3.el9_6	php-dbg-8.0.30-3.el9_6.x86_64.rpm
php-devel	x86_64	3.el9_6	php-devel-8.0.30-3.el9_6.x86_64.rpm
php-embedded	x86_64	3.el9_6	php-embedded-8.0.30-3.el9_6.x86_64.rpm
php-enchant	x86_64	3.el9_6	php-enchant-8.0.30-3.el9_6.x86_64.rpm
php-ffi	x86_64	3.el9_6	php-ffi-8.0.30-3.el9_6.x86_64.rpm