SUSE-SU-2025:02474-1

Published: 23 Jul 2025
Source: suse-cvrf

Description

Security update for php8

This update for php8 fixes the following issues:

Version update to 8.2.29:

  • CVE-2025-1220: Fixed null byte termination in hostnames (bsc#1246167)
  • CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping (bsc#1246146)
  • CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix (bsc#1246148)

Package list

SUSE Linux Enterprise Module for Web and Scripting 15 SP6
apache2-mod_php8-8.2.29-150600.3.19.1
php8-8.2.29-150600.3.19.1
php8-bcmath-8.2.29-150600.3.19.1
php8-bz2-8.2.29-150600.3.19.1
php8-calendar-8.2.29-150600.3.19.1
php8-cli-8.2.29-150600.3.19.1
php8-ctype-8.2.29-150600.3.19.1
php8-curl-8.2.29-150600.3.19.1
php8-dba-8.2.29-150600.3.19.1
php8-devel-8.2.29-150600.3.19.1
php8-dom-8.2.29-150600.3.19.1
php8-embed-8.2.29-150600.3.19.1
php8-enchant-8.2.29-150600.3.19.1
php8-exif-8.2.29-150600.3.19.1
php8-fastcgi-8.2.29-150600.3.19.1
php8-fileinfo-8.2.29-150600.3.19.1
php8-fpm-8.2.29-150600.3.19.1
php8-ftp-8.2.29-150600.3.19.1
php8-gd-8.2.29-150600.3.19.1
php8-gettext-8.2.29-150600.3.19.1
php8-gmp-8.2.29-150600.3.19.1
php8-iconv-8.2.29-150600.3.19.1
php8-intl-8.2.29-150600.3.19.1
php8-ldap-8.2.29-150600.3.19.1
php8-mbstring-8.2.29-150600.3.19.1
php8-mysql-8.2.29-150600.3.19.1
php8-odbc-8.2.29-150600.3.19.1
php8-opcache-8.2.29-150600.3.19.1
php8-openssl-8.2.29-150600.3.19.1
php8-pcntl-8.2.29-150600.3.19.1
php8-pdo-8.2.29-150600.3.19.1
php8-pgsql-8.2.29-150600.3.19.1
php8-phar-8.2.29-150600.3.19.1
php8-posix-8.2.29-150600.3.19.1
php8-readline-8.2.29-150600.3.19.1
php8-shmop-8.2.29-150600.3.19.1
php8-snmp-8.2.29-150600.3.19.1
php8-soap-8.2.29-150600.3.19.1
php8-sockets-8.2.29-150600.3.19.1
php8-sodium-8.2.29-150600.3.19.1
php8-sqlite-8.2.29-150600.3.19.1
php8-sysvmsg-8.2.29-150600.3.19.1
php8-sysvsem-8.2.29-150600.3.19.1
php8-sysvshm-8.2.29-150600.3.19.1
php8-test-8.2.29-150600.3.19.2
php8-tidy-8.2.29-150600.3.19.1
php8-tokenizer-8.2.29-150600.3.19.1
php8-xmlreader-8.2.29-150600.3.19.1
php8-xmlwriter-8.2.29-150600.3.19.1
php8-xsl-8.2.29-150600.3.19.1
php8-zip-8.2.29-150600.3.19.1
php8-zlib-8.2.29-150600.3.19.1
openSUSE Leap 15.6
apache2-mod_php8-8.2.29-150600.3.19.1
php8-8.2.29-150600.3.19.1
php8-bcmath-8.2.29-150600.3.19.1
php8-bz2-8.2.29-150600.3.19.1
php8-calendar-8.2.29-150600.3.19.1
php8-cli-8.2.29-150600.3.19.1
php8-ctype-8.2.29-150600.3.19.1
php8-curl-8.2.29-150600.3.19.1
php8-dba-8.2.29-150600.3.19.1
php8-devel-8.2.29-150600.3.19.1
php8-dom-8.2.29-150600.3.19.1
php8-embed-8.2.29-150600.3.19.1
php8-enchant-8.2.29-150600.3.19.1
php8-exif-8.2.29-150600.3.19.1
php8-fastcgi-8.2.29-150600.3.19.1
php8-ffi-8.2.29-150600.3.19.1
php8-fileinfo-8.2.29-150600.3.19.1
php8-fpm-8.2.29-150600.3.19.1
php8-fpm-apache-8.2.29-150600.3.19.1
php8-ftp-8.2.29-150600.3.19.1
php8-gd-8.2.29-150600.3.19.1
php8-gettext-8.2.29-150600.3.19.1
php8-gmp-8.2.29-150600.3.19.1
php8-iconv-8.2.29-150600.3.19.1
php8-intl-8.2.29-150600.3.19.1
php8-ldap-8.2.29-150600.3.19.1
php8-mbstring-8.2.29-150600.3.19.1
php8-mysql-8.2.29-150600.3.19.1
php8-odbc-8.2.29-150600.3.19.1
php8-opcache-8.2.29-150600.3.19.1
php8-openssl-8.2.29-150600.3.19.1
php8-pcntl-8.2.29-150600.3.19.1
php8-pdo-8.2.29-150600.3.19.1
php8-pgsql-8.2.29-150600.3.19.1
php8-phar-8.2.29-150600.3.19.1
php8-posix-8.2.29-150600.3.19.1
php8-readline-8.2.29-150600.3.19.1
php8-shmop-8.2.29-150600.3.19.1
php8-snmp-8.2.29-150600.3.19.1
php8-soap-8.2.29-150600.3.19.1
php8-sockets-8.2.29-150600.3.19.1
php8-sodium-8.2.29-150600.3.19.1
php8-sqlite-8.2.29-150600.3.19.1
php8-sysvmsg-8.2.29-150600.3.19.1
php8-sysvsem-8.2.29-150600.3.19.1
php8-sysvshm-8.2.29-150600.3.19.1
php8-test-8.2.29-150600.3.19.2
php8-tidy-8.2.29-150600.3.19.1
php8-tokenizer-8.2.29-150600.3.19.1
php8-xmlreader-8.2.29-150600.3.19.1
php8-xmlwriter-8.2.29-150600.3.19.1
php8-xsl-8.2.29-150600.3.19.1
php8-zip-8.2.29-150600.3.19.1
php8-zlib-8.2.29-150600.3.19.1

Description

In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10, some functions like fsockopen() lack validation that the supplied hostname does not contain null characters. This may lead other functions like parse_url() to treat the hostname in a different way, opening the way to security problems if the user code implements access checks before access using such functions.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 15 SP6:apache2-mod_php8-8.2.29-150600.3.19.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP6:php8-8.2.29-150600.3.19.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP6:php8-bcmath-8.2.29-150600.3.19.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP6:php8-bz2-8.2.29-150600.3.19.1

Description

In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if the Postgres server rejects the string as invalid.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 15 SP6:apache2-mod_php8-8.2.29-150600.3.19.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP6:php8-8.2.29-150600.3.19.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP6:php8-bcmath-8.2.29-150600.3.19.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP6:php8-bz2-8.2.29-150600.3.19.1

Description

In PHP versions 8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10, when parsing XML data in SOAP extensions, an overly large (>2Gb) XML namespace prefix may lead to a null pointer dereference. This may lead to crashes and affect the availability of the target server.


Affected products
SUSE Linux Enterprise Module for Web and Scripting 15 SP6:apache2-mod_php8-8.2.29-150600.3.19.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP6:php8-8.2.29-150600.3.19.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP6:php8-bcmath-8.2.29-150600.3.19.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP6:php8-bz2-8.2.29-150600.3.19.1

References
Vulnerability SUSE-SU-2025:02474-1