Описание
Moderate: php:7.4 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
-
php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)
-
php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233)
-
php: Configuring a proxy in a stream context might allow for CRLF injection in URIs (CVE-2024-11234)
-
php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)
-
php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)
-
php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)
-
php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)
-
php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)
-
php: pgsql extension does not check for errors during escaping (CVE-2025-1735)
-
php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix (CVE-2025-6491)
-
php: PHP Hostname Null Character Vulnerability (CVE-2025-1220)
-
php: heap-based buffer overflow in array_merge() (CVE-2025-14178)
-
php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images (CVE-2025-14177)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Затронутые продукты
Rocky Linux 8
Ссылки на источники
Исправления
- Red Hat - 2327960
- Red Hat - 2328521
- Red Hat - 2328523
- Red Hat - 2355917
- Red Hat - 2356041
- Red Hat - 2356042
- Red Hat - 2356043
- Red Hat - 2356046
- Red Hat - 2378689
- Red Hat - 2378690
- Red Hat - 2379792
- Red Hat - 2425625
- Red Hat - 2425626
