SUSE-SU-2025:1025-1

Published: 26 Mar 2025
Source: suse-cvrf

Description

Security update for php7

This update for php7 fixes the following issues:

  • CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666)
  • CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers (bsc#1239664)
  • CVE-2025-1219: Fixed libxml streams using wrong content-type header when requesting a redirected resource (bsc#1239667)
  • CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with invalid name and no colon (bsc#1239668)
  • CVE-2025-1736: Fixed stream HTTP wrapper header check that might omit basic auth header (bsc#1239670)
  • CVE-2025-1861: Fixed stream HTTP wrapper truncating redirect location to 1024 bytes (bsc#1239669)

Package list

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
apache2-mod_php7-7.4.33-150400.4.48.1
php7-7.4.33-150400.4.48.1
php7-bcmath-7.4.33-150400.4.48.1
php7-bz2-7.4.33-150400.4.48.1
php7-calendar-7.4.33-150400.4.48.1
php7-cli-7.4.33-150400.4.48.1
php7-ctype-7.4.33-150400.4.48.1
php7-curl-7.4.33-150400.4.48.1
php7-dba-7.4.33-150400.4.48.1
php7-devel-7.4.33-150400.4.48.1
php7-dom-7.4.33-150400.4.48.1
php7-enchant-7.4.33-150400.4.48.1
php7-exif-7.4.33-150400.4.48.1
php7-fastcgi-7.4.33-150400.4.48.1
php7-fileinfo-7.4.33-150400.4.48.1
php7-fpm-7.4.33-150400.4.48.1
php7-ftp-7.4.33-150400.4.48.1
php7-gd-7.4.33-150400.4.48.1
php7-gettext-7.4.33-150400.4.48.1
php7-gmp-7.4.33-150400.4.48.1
php7-iconv-7.4.33-150400.4.48.1
php7-intl-7.4.33-150400.4.48.1
php7-json-7.4.33-150400.4.48.1
php7-ldap-7.4.33-150400.4.48.1
php7-mbstring-7.4.33-150400.4.48.1
php7-mysql-7.4.33-150400.4.48.1
php7-odbc-7.4.33-150400.4.48.1
php7-opcache-7.4.33-150400.4.48.1
php7-openssl-7.4.33-150400.4.48.1
php7-pcntl-7.4.33-150400.4.48.1
php7-pdo-7.4.33-150400.4.48.1
php7-pgsql-7.4.33-150400.4.48.1
php7-phar-7.4.33-150400.4.48.1
php7-posix-7.4.33-150400.4.48.1
php7-readline-7.4.33-150400.4.48.1
php7-shmop-7.4.33-150400.4.48.1
php7-snmp-7.4.33-150400.4.48.1
php7-soap-7.4.33-150400.4.48.1
php7-sockets-7.4.33-150400.4.48.1
php7-sodium-7.4.33-150400.4.48.1
php7-sqlite-7.4.33-150400.4.48.1
php7-sysvmsg-7.4.33-150400.4.48.1
php7-sysvsem-7.4.33-150400.4.48.1
php7-sysvshm-7.4.33-150400.4.48.1
php7-tidy-7.4.33-150400.4.48.1
php7-tokenizer-7.4.33-150400.4.48.1
php7-xmlreader-7.4.33-150400.4.48.1
php7-xmlrpc-7.4.33-150400.4.48.1
php7-xmlwriter-7.4.33-150400.4.48.1
php7-xsl-7.4.33-150400.4.48.1
php7-zip-7.4.33-150400.4.48.1
php7-zlib-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
apache2-mod_php7-7.4.33-150400.4.48.1
php7-7.4.33-150400.4.48.1
php7-bcmath-7.4.33-150400.4.48.1
php7-bz2-7.4.33-150400.4.48.1
php7-calendar-7.4.33-150400.4.48.1
php7-cli-7.4.33-150400.4.48.1
php7-ctype-7.4.33-150400.4.48.1
php7-curl-7.4.33-150400.4.48.1
php7-dba-7.4.33-150400.4.48.1
php7-devel-7.4.33-150400.4.48.1
php7-dom-7.4.33-150400.4.48.1
php7-enchant-7.4.33-150400.4.48.1
php7-exif-7.4.33-150400.4.48.1
php7-fastcgi-7.4.33-150400.4.48.1
php7-fileinfo-7.4.33-150400.4.48.1
php7-fpm-7.4.33-150400.4.48.1
php7-ftp-7.4.33-150400.4.48.1
php7-gd-7.4.33-150400.4.48.1
php7-gettext-7.4.33-150400.4.48.1
php7-gmp-7.4.33-150400.4.48.1
php7-iconv-7.4.33-150400.4.48.1
php7-intl-7.4.33-150400.4.48.1
php7-json-7.4.33-150400.4.48.1
php7-ldap-7.4.33-150400.4.48.1
php7-mbstring-7.4.33-150400.4.48.1
php7-mysql-7.4.33-150400.4.48.1
php7-odbc-7.4.33-150400.4.48.1
php7-opcache-7.4.33-150400.4.48.1
php7-openssl-7.4.33-150400.4.48.1
php7-pcntl-7.4.33-150400.4.48.1
php7-pdo-7.4.33-150400.4.48.1
php7-pgsql-7.4.33-150400.4.48.1
php7-phar-7.4.33-150400.4.48.1
php7-posix-7.4.33-150400.4.48.1
php7-readline-7.4.33-150400.4.48.1
php7-shmop-7.4.33-150400.4.48.1
php7-snmp-7.4.33-150400.4.48.1
php7-soap-7.4.33-150400.4.48.1
php7-sockets-7.4.33-150400.4.48.1
php7-sodium-7.4.33-150400.4.48.1
php7-sqlite-7.4.33-150400.4.48.1
php7-sysvmsg-7.4.33-150400.4.48.1
php7-sysvsem-7.4.33-150400.4.48.1
php7-sysvshm-7.4.33-150400.4.48.1
php7-tidy-7.4.33-150400.4.48.1
php7-tokenizer-7.4.33-150400.4.48.1
php7-xmlreader-7.4.33-150400.4.48.1
php7-xmlrpc-7.4.33-150400.4.48.1
php7-xmlwriter-7.4.33-150400.4.48.1
php7-xsl-7.4.33-150400.4.48.1
php7-zip-7.4.33-150400.4.48.1
php7-zlib-7.4.33-150400.4.48.1
SUSE Linux Enterprise Module for Legacy 15 SP6
apache2-mod_php7-7.4.33-150400.4.48.1
php7-7.4.33-150400.4.48.1
php7-bcmath-7.4.33-150400.4.48.1
php7-bz2-7.4.33-150400.4.48.1
php7-calendar-7.4.33-150400.4.48.1
php7-cli-7.4.33-150400.4.48.1
php7-ctype-7.4.33-150400.4.48.1
php7-curl-7.4.33-150400.4.48.1
php7-dba-7.4.33-150400.4.48.1
php7-devel-7.4.33-150400.4.48.1
php7-dom-7.4.33-150400.4.48.1
php7-enchant-7.4.33-150400.4.48.1
php7-exif-7.4.33-150400.4.48.1
php7-fastcgi-7.4.33-150400.4.48.1
php7-fileinfo-7.4.33-150400.4.48.1
php7-fpm-7.4.33-150400.4.48.1
php7-ftp-7.4.33-150400.4.48.1
php7-gd-7.4.33-150400.4.48.1
php7-gettext-7.4.33-150400.4.48.1
php7-gmp-7.4.33-150400.4.48.1
php7-iconv-7.4.33-150400.4.48.1
php7-intl-7.4.33-150400.4.48.1
php7-json-7.4.33-150400.4.48.1
php7-ldap-7.4.33-150400.4.48.1
php7-mbstring-7.4.33-150400.4.48.1
php7-mysql-7.4.33-150400.4.48.1
php7-odbc-7.4.33-150400.4.48.1
php7-opcache-7.4.33-150400.4.48.1
php7-openssl-7.4.33-150400.4.48.1
php7-pcntl-7.4.33-150400.4.48.1
php7-pdo-7.4.33-150400.4.48.1
php7-pgsql-7.4.33-150400.4.48.1
php7-phar-7.4.33-150400.4.48.1
php7-posix-7.4.33-150400.4.48.1
php7-readline-7.4.33-150400.4.48.1
php7-shmop-7.4.33-150400.4.48.1
php7-snmp-7.4.33-150400.4.48.1
php7-soap-7.4.33-150400.4.48.1
php7-sockets-7.4.33-150400.4.48.1
php7-sodium-7.4.33-150400.4.48.1
php7-sqlite-7.4.33-150400.4.48.1
php7-sysvmsg-7.4.33-150400.4.48.1
php7-sysvsem-7.4.33-150400.4.48.1
php7-sysvshm-7.4.33-150400.4.48.1
php7-tidy-7.4.33-150400.4.48.1
php7-tokenizer-7.4.33-150400.4.48.1
php7-xmlreader-7.4.33-150400.4.48.1
php7-xmlrpc-7.4.33-150400.4.48.1
php7-xmlwriter-7.4.33-150400.4.48.1
php7-xsl-7.4.33-150400.4.48.1
php7-zip-7.4.33-150400.4.48.1
php7-zlib-7.4.33-150400.4.48.1
SUSE Linux Enterprise Module for Package Hub 15 SP6
php7-embed-7.4.33-150400.4.48.1
SUSE Linux Enterprise Server 15 SP4-LTSS
apache2-mod_php7-7.4.33-150400.4.48.1
php7-7.4.33-150400.4.48.1
php7-bcmath-7.4.33-150400.4.48.1
php7-bz2-7.4.33-150400.4.48.1
php7-calendar-7.4.33-150400.4.48.1
php7-cli-7.4.33-150400.4.48.1
php7-ctype-7.4.33-150400.4.48.1
php7-curl-7.4.33-150400.4.48.1
php7-dba-7.4.33-150400.4.48.1
php7-devel-7.4.33-150400.4.48.1
php7-dom-7.4.33-150400.4.48.1
php7-enchant-7.4.33-150400.4.48.1
php7-exif-7.4.33-150400.4.48.1
php7-fastcgi-7.4.33-150400.4.48.1
php7-fileinfo-7.4.33-150400.4.48.1
php7-fpm-7.4.33-150400.4.48.1
php7-ftp-7.4.33-150400.4.48.1
php7-gd-7.4.33-150400.4.48.1
php7-gettext-7.4.33-150400.4.48.1
php7-gmp-7.4.33-150400.4.48.1
php7-iconv-7.4.33-150400.4.48.1
php7-intl-7.4.33-150400.4.48.1
php7-json-7.4.33-150400.4.48.1
php7-ldap-7.4.33-150400.4.48.1
php7-mbstring-7.4.33-150400.4.48.1
php7-mysql-7.4.33-150400.4.48.1
php7-odbc-7.4.33-150400.4.48.1
php7-opcache-7.4.33-150400.4.48.1
php7-openssl-7.4.33-150400.4.48.1
php7-pcntl-7.4.33-150400.4.48.1
php7-pdo-7.4.33-150400.4.48.1
php7-pgsql-7.4.33-150400.4.48.1
php7-phar-7.4.33-150400.4.48.1
php7-posix-7.4.33-150400.4.48.1
php7-readline-7.4.33-150400.4.48.1
php7-shmop-7.4.33-150400.4.48.1
php7-snmp-7.4.33-150400.4.48.1
php7-soap-7.4.33-150400.4.48.1
php7-sockets-7.4.33-150400.4.48.1
php7-sodium-7.4.33-150400.4.48.1
php7-sqlite-7.4.33-150400.4.48.1
php7-sysvmsg-7.4.33-150400.4.48.1
php7-sysvsem-7.4.33-150400.4.48.1
php7-sysvshm-7.4.33-150400.4.48.1
php7-tidy-7.4.33-150400.4.48.1
php7-tokenizer-7.4.33-150400.4.48.1
php7-xmlreader-7.4.33-150400.4.48.1
php7-xmlrpc-7.4.33-150400.4.48.1
php7-xmlwriter-7.4.33-150400.4.48.1
php7-xsl-7.4.33-150400.4.48.1
php7-zip-7.4.33-150400.4.48.1
php7-zlib-7.4.33-150400.4.48.1
SUSE Linux Enterprise Server 15 SP5-LTSS
apache2-mod_php7-7.4.33-150400.4.48.1
php7-7.4.33-150400.4.48.1
php7-bcmath-7.4.33-150400.4.48.1
php7-bz2-7.4.33-150400.4.48.1
php7-calendar-7.4.33-150400.4.48.1
php7-cli-7.4.33-150400.4.48.1
php7-ctype-7.4.33-150400.4.48.1
php7-curl-7.4.33-150400.4.48.1
php7-dba-7.4.33-150400.4.48.1
php7-devel-7.4.33-150400.4.48.1
php7-dom-7.4.33-150400.4.48.1
php7-enchant-7.4.33-150400.4.48.1
php7-exif-7.4.33-150400.4.48.1
php7-fastcgi-7.4.33-150400.4.48.1
php7-fileinfo-7.4.33-150400.4.48.1
php7-fpm-7.4.33-150400.4.48.1
php7-ftp-7.4.33-150400.4.48.1
php7-gd-7.4.33-150400.4.48.1
php7-gettext-7.4.33-150400.4.48.1
php7-gmp-7.4.33-150400.4.48.1
php7-iconv-7.4.33-150400.4.48.1
php7-intl-7.4.33-150400.4.48.1
php7-json-7.4.33-150400.4.48.1
php7-ldap-7.4.33-150400.4.48.1
php7-mbstring-7.4.33-150400.4.48.1
php7-mysql-7.4.33-150400.4.48.1
php7-odbc-7.4.33-150400.4.48.1
php7-opcache-7.4.33-150400.4.48.1
php7-openssl-7.4.33-150400.4.48.1
php7-pcntl-7.4.33-150400.4.48.1
php7-pdo-7.4.33-150400.4.48.1
php7-pgsql-7.4.33-150400.4.48.1
php7-phar-7.4.33-150400.4.48.1
php7-posix-7.4.33-150400.4.48.1
php7-readline-7.4.33-150400.4.48.1
php7-shmop-7.4.33-150400.4.48.1
php7-snmp-7.4.33-150400.4.48.1
php7-soap-7.4.33-150400.4.48.1
php7-sockets-7.4.33-150400.4.48.1
php7-sodium-7.4.33-150400.4.48.1
php7-sqlite-7.4.33-150400.4.48.1
php7-sysvmsg-7.4.33-150400.4.48.1
php7-sysvsem-7.4.33-150400.4.48.1
php7-sysvshm-7.4.33-150400.4.48.1
php7-tidy-7.4.33-150400.4.48.1
php7-tokenizer-7.4.33-150400.4.48.1
php7-xmlreader-7.4.33-150400.4.48.1
php7-xmlrpc-7.4.33-150400.4.48.1
php7-xmlwriter-7.4.33-150400.4.48.1
php7-xsl-7.4.33-150400.4.48.1
php7-zip-7.4.33-150400.4.48.1
php7-zlib-7.4.33-150400.4.48.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
apache2-mod_php7-7.4.33-150400.4.48.1
php7-7.4.33-150400.4.48.1
php7-bcmath-7.4.33-150400.4.48.1
php7-bz2-7.4.33-150400.4.48.1
php7-calendar-7.4.33-150400.4.48.1
php7-cli-7.4.33-150400.4.48.1
php7-ctype-7.4.33-150400.4.48.1
php7-curl-7.4.33-150400.4.48.1
php7-dba-7.4.33-150400.4.48.1
php7-devel-7.4.33-150400.4.48.1
php7-dom-7.4.33-150400.4.48.1
php7-enchant-7.4.33-150400.4.48.1
php7-exif-7.4.33-150400.4.48.1
php7-fastcgi-7.4.33-150400.4.48.1
php7-fileinfo-7.4.33-150400.4.48.1
php7-fpm-7.4.33-150400.4.48.1
php7-ftp-7.4.33-150400.4.48.1
php7-gd-7.4.33-150400.4.48.1
php7-gettext-7.4.33-150400.4.48.1
php7-gmp-7.4.33-150400.4.48.1
php7-iconv-7.4.33-150400.4.48.1
php7-intl-7.4.33-150400.4.48.1
php7-json-7.4.33-150400.4.48.1
php7-ldap-7.4.33-150400.4.48.1
php7-mbstring-7.4.33-150400.4.48.1
php7-mysql-7.4.33-150400.4.48.1
php7-odbc-7.4.33-150400.4.48.1
php7-opcache-7.4.33-150400.4.48.1
php7-openssl-7.4.33-150400.4.48.1
php7-pcntl-7.4.33-150400.4.48.1
php7-pdo-7.4.33-150400.4.48.1
php7-pgsql-7.4.33-150400.4.48.1
php7-phar-7.4.33-150400.4.48.1
php7-posix-7.4.33-150400.4.48.1
php7-readline-7.4.33-150400.4.48.1
php7-shmop-7.4.33-150400.4.48.1
php7-snmp-7.4.33-150400.4.48.1
php7-soap-7.4.33-150400.4.48.1
php7-sockets-7.4.33-150400.4.48.1
php7-sodium-7.4.33-150400.4.48.1
php7-sqlite-7.4.33-150400.4.48.1
php7-sysvmsg-7.4.33-150400.4.48.1
php7-sysvsem-7.4.33-150400.4.48.1
php7-sysvshm-7.4.33-150400.4.48.1
php7-tidy-7.4.33-150400.4.48.1
php7-tokenizer-7.4.33-150400.4.48.1
php7-xmlreader-7.4.33-150400.4.48.1
php7-xmlrpc-7.4.33-150400.4.48.1
php7-xmlwriter-7.4.33-150400.4.48.1
php7-xsl-7.4.33-150400.4.48.1
php7-zip-7.4.33-150400.4.48.1
php7-zlib-7.4.33-150400.4.48.1
SUSE Linux Enterprise Server for SAP Applications 15 SP5
apache2-mod_php7-7.4.33-150400.4.48.1
php7-7.4.33-150400.4.48.1
php7-bcmath-7.4.33-150400.4.48.1
php7-bz2-7.4.33-150400.4.48.1
php7-calendar-7.4.33-150400.4.48.1
php7-cli-7.4.33-150400.4.48.1
php7-ctype-7.4.33-150400.4.48.1
php7-curl-7.4.33-150400.4.48.1
php7-dba-7.4.33-150400.4.48.1
php7-devel-7.4.33-150400.4.48.1
php7-dom-7.4.33-150400.4.48.1
php7-enchant-7.4.33-150400.4.48.1
php7-exif-7.4.33-150400.4.48.1
php7-fastcgi-7.4.33-150400.4.48.1
php7-fileinfo-7.4.33-150400.4.48.1
php7-fpm-7.4.33-150400.4.48.1
php7-ftp-7.4.33-150400.4.48.1
php7-gd-7.4.33-150400.4.48.1
php7-gettext-7.4.33-150400.4.48.1
php7-gmp-7.4.33-150400.4.48.1
php7-iconv-7.4.33-150400.4.48.1
php7-intl-7.4.33-150400.4.48.1
php7-json-7.4.33-150400.4.48.1
php7-ldap-7.4.33-150400.4.48.1
php7-mbstring-7.4.33-150400.4.48.1
php7-mysql-7.4.33-150400.4.48.1
php7-odbc-7.4.33-150400.4.48.1
php7-opcache-7.4.33-150400.4.48.1
php7-openssl-7.4.33-150400.4.48.1
php7-pcntl-7.4.33-150400.4.48.1
php7-pdo-7.4.33-150400.4.48.1
php7-pgsql-7.4.33-150400.4.48.1
php7-phar-7.4.33-150400.4.48.1
php7-posix-7.4.33-150400.4.48.1
php7-readline-7.4.33-150400.4.48.1
php7-shmop-7.4.33-150400.4.48.1
php7-snmp-7.4.33-150400.4.48.1
php7-soap-7.4.33-150400.4.48.1
php7-sockets-7.4.33-150400.4.48.1
php7-sodium-7.4.33-150400.4.48.1
php7-sqlite-7.4.33-150400.4.48.1
php7-sysvmsg-7.4.33-150400.4.48.1
php7-sysvsem-7.4.33-150400.4.48.1
php7-sysvshm-7.4.33-150400.4.48.1
php7-tidy-7.4.33-150400.4.48.1
php7-tokenizer-7.4.33-150400.4.48.1
php7-xmlreader-7.4.33-150400.4.48.1
php7-xmlrpc-7.4.33-150400.4.48.1
php7-xmlwriter-7.4.33-150400.4.48.1
php7-xsl-7.4.33-150400.4.48.1
php7-zip-7.4.33-150400.4.48.1
php7-zlib-7.4.33-150400.4.48.1
openSUSE Leap 15.6
apache2-mod_php7-7.4.33-150400.4.48.1
php7-7.4.33-150400.4.48.1
php7-bcmath-7.4.33-150400.4.48.1
php7-bz2-7.4.33-150400.4.48.1
php7-calendar-7.4.33-150400.4.48.1
php7-cli-7.4.33-150400.4.48.1
php7-ctype-7.4.33-150400.4.48.1
php7-curl-7.4.33-150400.4.48.1
php7-dba-7.4.33-150400.4.48.1
php7-devel-7.4.33-150400.4.48.1
php7-dom-7.4.33-150400.4.48.1
php7-embed-7.4.33-150400.4.48.1
php7-enchant-7.4.33-150400.4.48.1
php7-exif-7.4.33-150400.4.48.1
php7-fastcgi-7.4.33-150400.4.48.1
php7-fileinfo-7.4.33-150400.4.48.1
php7-fpm-7.4.33-150400.4.48.1
php7-ftp-7.4.33-150400.4.48.1
php7-gd-7.4.33-150400.4.48.1
php7-gettext-7.4.33-150400.4.48.1
php7-gmp-7.4.33-150400.4.48.1
php7-iconv-7.4.33-150400.4.48.1
php7-intl-7.4.33-150400.4.48.1
php7-json-7.4.33-150400.4.48.1
php7-ldap-7.4.33-150400.4.48.1
php7-mbstring-7.4.33-150400.4.48.1
php7-mysql-7.4.33-150400.4.48.1
php7-odbc-7.4.33-150400.4.48.1
php7-opcache-7.4.33-150400.4.48.1
php7-openssl-7.4.33-150400.4.48.1
php7-pcntl-7.4.33-150400.4.48.1
php7-pdo-7.4.33-150400.4.48.1
php7-pgsql-7.4.33-150400.4.48.1
php7-phar-7.4.33-150400.4.48.1
php7-posix-7.4.33-150400.4.48.1
php7-readline-7.4.33-150400.4.48.1
php7-shmop-7.4.33-150400.4.48.1
php7-snmp-7.4.33-150400.4.48.1
php7-soap-7.4.33-150400.4.48.1
php7-sockets-7.4.33-150400.4.48.1
php7-sodium-7.4.33-150400.4.48.1
php7-sqlite-7.4.33-150400.4.48.1
php7-sysvmsg-7.4.33-150400.4.48.1
php7-sysvsem-7.4.33-150400.4.48.1
php7-sysvshm-7.4.33-150400.4.48.1
php7-test-7.4.33-150400.4.48.1
php7-tidy-7.4.33-150400.4.48.1
php7-tokenizer-7.4.33-150400.4.48.1
php7-xmlreader-7.4.33-150400.4.48.1
php7-xmlrpc-7.4.33-150400.4.48.1
php7-xmlwriter-7.4.33-150400.4.48.1
php7-xsl-7.4.33-150400.4.48.1
php7-zip-7.4.33-150400.4.48.1
php7-zlib-7.4.33-150400.4.48.1

Description

In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving the __set handler or the ??= operator and exceptions can lead to a use-after-free vulnerability. If a third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution.


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache2-mod_php7-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-bcmath-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-bz2-7.4.33-150400.4.48.1

Description

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when the HTTP request module parses an HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache2-mod_php7-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-bcmath-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-bz2-7.4.33-150400.4.48.1

Description

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting an HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache2-mod_php7-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-bcmath-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-bz2-7.4.33-150400.4.48.1

Description

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from an HTTP server, headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache2-mod_php7-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-bcmath-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-bz2-7.4.33-150400.4.48.1

Description

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers being misinterpreted.


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache2-mod_php7-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-bcmath-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-bz2-7.4.33-150400.4.48.1

Description

In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing an HTTP redirect in the response to an HTTP request, there is currently a limit on the location value size, caused by the size of the location buffer being limited to 1024. However, as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.
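
The response-header issues described above (folded headers, header lines without a colon, and redirect location truncation) can be illustrated with a small parser; this is an added Python example, not PHP's or SUSE's code. The function names, the `HeaderError` type and the sample responses are constructed for illustration.

```python
import re

# Field-name characters ("token") allowed by RFC 9110.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
MAX_LOCATION = 8000  # size the advisory text cites from RFC 9110

class HeaderError(ValueError):
    """Raised when a response header block cannot be parsed safely."""

def naive_parse(raw: bytes):
    """Line-at-a-time parser, constructed for contrast (not PHP's code)."""
    out = []
    for line in raw.decode("iso-8859-1").split("\r\n"):
        if not line:
            break
        name, _, value = line.partition(":")
        out.append((name.strip().lower(), value.strip()))
    return out

def strict_parse(raw: bytes):
    """Unfold continuation lines and reject malformed header lines."""
    headers = []
    for line in raw.decode("iso-8859-1").split("\r\n"):
        if not line:
            break  # blank line ends the header block
        if line[0] in " \t":
            # Folded header: the line continues the previous field value.
            if not headers:
                raise HeaderError("continuation line before any header")
            name, value = headers[-1]
            headers[-1] = (name, f"{value} {line.strip()}".strip())
            continue
        name, colon, value = line.partition(":")
        if not colon or not _TOKEN.fullmatch(name):
            raise HeaderError(f"invalid header line: {line!r}")
        headers.append((name.lower(), value.strip()))
    return headers

def redirect_target(headers, limit: int = MAX_LOCATION) -> str:
    """Return the Location value, failing instead of truncating it."""
    for name, value in headers:
        if name == "location":
            if len(value) > limit:
                raise HeaderError("Location value exceeds limit")
            return value
    raise HeaderError("no Location header")

# Constructed sample response headers (status line omitted).
FOLDED = b"Content-Type: text/html;\r\n charset=utf-8\r\nX-Test: 1\r\n\r\n"
NO_COLON = b"Content-Type: text/html\r\nBogusLineWithoutColon\r\n\r\n"
LONG_URL = "http://example.test/" + "a" * 2000
REDIRECT = f"Location: {LONG_URL}\r\n\r\n".encode()

if __name__ == "__main__":
    print(naive_parse(FOLDED))   # charset parameter split off as a bogus header
    print(strict_parse(FOLDED))  # charset kept on the Content-Type value
```

On the folded sample the line-at-a-time parser loses the charset parameter and records the continuation line as a header of its own, which is the kind of misinterpretation the descriptions refer to.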


Affected products
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:apache2-mod_php7-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-bcmath-7.4.33-150400.4.48.1
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:php7-bz2-7.4.33-150400.4.48.1
