RLSA-2025:7489

Опубликовано: 03 окт. 2025

Источник: rocky

Оценка: Important

Описание

Important: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)
php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)
php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)
php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)
php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)
php: Reference counting in php_request_shutdown causes Use-After-Free (CVE-2024-11235)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 10

Наименование	Архитектура	Релиз	RPM
php	x86_64	1.el10_0	php-8.3.19-1.el10_0.x86_64.rpm
php-bcmath	x86_64	1.el10_0	php-bcmath-8.3.19-1.el10_0.x86_64.rpm
php-cli	x86_64	1.el10_0	php-cli-8.3.19-1.el10_0.x86_64.rpm
php-common	x86_64	1.el10_0	php-common-8.3.19-1.el10_0.x86_64.rpm
php-dba	x86_64	1.el10_0	php-dba-8.3.19-1.el10_0.x86_64.rpm
php-dbg	x86_64	1.el10_0	php-dbg-8.3.19-1.el10_0.x86_64.rpm
php-devel	x86_64	1.el10_0	php-devel-8.3.19-1.el10_0.x86_64.rpm
php-embedded	x86_64	1.el10_0	php-embedded-8.3.19-1.el10_0.x86_64.rpm
php-enchant	x86_64	1.el10_0	php-enchant-8.3.19-1.el10_0.x86_64.rpm
php-ffi	x86_64	1.el10_0	php-ffi-8.3.19-1.el10_0.x86_64.rpm