RLSA-2026:1628

Опубликовано: 05 фев. 2026

Источник: rocky

Оценка: Important

Описание

Important: php security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

php: heap-based buffer overflow in array_merge() (CVE-2025-14178)
php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images (CVE-2025-14177)
php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement (CVE-2025-14180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 10

Наименование	Архитектура	Релиз	RPM
php-embedded	x86_64	1.el10_1	php-embedded-8.3.29-1.el10_1.x86_64.rpm
php-gd	x86_64	1.el10_1	php-gd-8.3.29-1.el10_1.x86_64.rpm
php-snmp	x86_64	1.el10_1	php-snmp-8.3.29-1.el10_1.x86_64.rpm
php-ldap	x86_64	1.el10_1	php-ldap-8.3.29-1.el10_1.x86_64.rpm
php-devel	x86_64	1.el10_1	php-devel-8.3.29-1.el10_1.x86_64.rpm
php	x86_64	1.el10_1	php-8.3.29-1.el10_1.x86_64.rpm
php-dbg	x86_64	1.el10_1	php-dbg-8.3.29-1.el10_1.x86_64.rpm
php-soap	x86_64	1.el10_1	php-soap-8.3.29-1.el10_1.x86_64.rpm
php-fpm	x86_64	1.el10_1	php-fpm-8.3.29-1.el10_1.x86_64.rpm
php-mysqlnd	x86_64	1.el10_1	php-mysqlnd-8.3.29-1.el10_1.x86_64.rpm