Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2026:0071-1

Опубликовано: 08 янв. 2026
Источник: suse-cvrf

Описание

Security update for php8

This update for php8 fixes the following issues:

Security fixes:

  • CVE-2025-14177: getimagesize() function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710).
  • CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711).
  • CVE-2025-14180: null pointer dereference in pdo_parse_params() function when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled (bsc#1255712).

Other fixes:

  • Update to 8.2.30: Curl: Fix curl build and test failures with version 8.16. Opcache: Reset global pointers to prevent use-after-free in zend_jit_status(). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref). (CVE-2025-14180) Standard: Fixed GHSA-www2-q4fc-65wf (Null byte termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7 (Information Leak of Memory in getimagesize). (CVE-2025-14177)

Список пакетов

openSUSE Leap 15.6
apache2-mod_php8-8.2.30-150600.3.25.1
php8-8.2.30-150600.3.25.1
php8-bcmath-8.2.30-150600.3.25.1
php8-bz2-8.2.30-150600.3.25.1
php8-calendar-8.2.30-150600.3.25.1
php8-cli-8.2.30-150600.3.25.1
php8-ctype-8.2.30-150600.3.25.1
php8-curl-8.2.30-150600.3.25.1
php8-dba-8.2.30-150600.3.25.1
php8-devel-8.2.30-150600.3.25.1
php8-dom-8.2.30-150600.3.25.1
php8-embed-8.2.30-150600.3.25.1
php8-enchant-8.2.30-150600.3.25.1
php8-exif-8.2.30-150600.3.25.1
php8-fastcgi-8.2.30-150600.3.25.1
php8-ffi-8.2.30-150600.3.25.1
php8-fileinfo-8.2.30-150600.3.25.1
php8-fpm-8.2.30-150600.3.25.1
php8-fpm-apache-8.2.30-150600.3.25.1
php8-ftp-8.2.30-150600.3.25.1
php8-gd-8.2.30-150600.3.25.1
php8-gettext-8.2.30-150600.3.25.1
php8-gmp-8.2.30-150600.3.25.1
php8-iconv-8.2.30-150600.3.25.1
php8-intl-8.2.30-150600.3.25.1
php8-ldap-8.2.30-150600.3.25.1
php8-mbstring-8.2.30-150600.3.25.1
php8-mysql-8.2.30-150600.3.25.1
php8-odbc-8.2.30-150600.3.25.1
php8-opcache-8.2.30-150600.3.25.1
php8-openssl-8.2.30-150600.3.25.1
php8-pcntl-8.2.30-150600.3.25.1
php8-pdo-8.2.30-150600.3.25.1
php8-pgsql-8.2.30-150600.3.25.1
php8-phar-8.2.30-150600.3.25.1
php8-posix-8.2.30-150600.3.25.1
php8-readline-8.2.30-150600.3.25.1
php8-shmop-8.2.30-150600.3.25.1
php8-snmp-8.2.30-150600.3.25.1
php8-soap-8.2.30-150600.3.25.1
php8-sockets-8.2.30-150600.3.25.1
php8-sodium-8.2.30-150600.3.25.1
php8-sqlite-8.2.30-150600.3.25.1
php8-sysvmsg-8.2.30-150600.3.25.1
php8-sysvsem-8.2.30-150600.3.25.1
php8-sysvshm-8.2.30-150600.3.25.1
php8-test-8.2.30-150600.3.25.1
php8-tidy-8.2.30-150600.3.25.1
php8-tokenizer-8.2.30-150600.3.25.1
php8-xmlreader-8.2.30-150600.3.25.1
php8-xmlwriter-8.2.30-150600.3.25.1
php8-xsl-8.2.30-150600.3.25.1
php8-zip-8.2.30-150600.3.25.1
php8-zlib-8.2.30-150600.3.25.1

Ссылки

Описание

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.

Затронутые продукты
openSUSE Leap 15.6:apache2-mod_php8-8.2.30-150600.3.25.1
openSUSE Leap 15.6:php8-8.2.30-150600.3.25.1
openSUSE Leap 15.6:php8-bcmath-8.2.30-150600.3.25.1
openSUSE Leap 15.6:php8-bz2-8.2.30-150600.3.25.1
Ссылки

Описание

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.

Затронутые продукты
openSUSE Leap 15.6:apache2-mod_php8-8.2.30-150600.3.25.1
openSUSE Leap 15.6:php8-8.2.30-150600.3.25.1
openSUSE Leap 15.6:php8-bcmath-8.2.30-150600.3.25.1
openSUSE Leap 15.6:php8-bz2-8.2.30-150600.3.25.1
Ссылки

Описание

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.

Затронутые продукты
openSUSE Leap 15.6:apache2-mod_php8-8.2.30-150600.3.25.1
openSUSE Leap 15.6:php8-8.2.30-150600.3.25.1
openSUSE Leap 15.6:php8-bcmath-8.2.30-150600.3.25.1
openSUSE Leap 15.6:php8-bz2-8.2.30-150600.3.25.1
Ссылки