php-5.4.16-48.0.6.el7.AXS7

エラータID: AXSA:2025-10014:03

Release date: 
Monday, June 16, 2025 - 11:36
Subject: 
php-5.4.16-48.0.6.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
Moderate
Description: 

PHP is an HTML-embedded scripting language. PHP attempts to make it
easy for developers to write dynamically generated web pages. PHP also
offers built-in database integration for several commercial and
non-commercial database management systems, so writing a
database-enabled webpage with PHP is fairly simple. The most common
use of PHP coding is probably as a replacement for CGI scripts.

The php package contains the module (often referred to as mod_php)
which adds support for the PHP language to Apache HTTP Server.

Security Fix(es):

* CVE-2025-1217: fix handling of folded headers by the http stream parser
* CVE-2025-1734: fix validation of http headers with missing colon
* CVE-2025-1861: fix incorrect http redirect location truncation

CVE(s):
CVE-2025-1217
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
CVE-2025-1861
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.
CVE-2025-1734
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. php-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: 6848e7ecf7880cfb29f17217a223368e
    SHA-256: 54b27d457b2f6e1c6263951694c28056ae90d42256a7cb0554d594096e80e06b
    Size: 1.36 MB
  2. php-bcmath-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: d64001a5ada036fb523f3d711072ac06
    SHA-256: 9e08215206843870f3261dce5d07127b15e30e84e13fb78c29d39d9610862bfb
    Size: 59.71 kB
  3. php-cli-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: 6fce430a562b6d097a93da94d0d6d771
    SHA-256: edbe9153c6f39926ba72c03406a111b913093d31f058aac06c746fca63a6e43e
    Size: 2.75 MB
  4. php-common-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: 374aec43a4695eab5053d4d68bd51504
    SHA-256: dcdf62d7e8d5141bfc08a76fb53d35b9dfc2f6acaad55ddbd91c83013c30d77d
    Size: 566.94 kB
  5. php-gd-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: 043e52ba4e6f5a9339454a86e14e737f
    SHA-256: 1db44acbf8d9fb6a9b36adb473723c278c621867770264529b609c9a7b5d9dda
    Size: 129.57 kB
  6. php-ldap-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: acdf0695281131f9fd77fc37ffd1e684
    SHA-256: 016983511aa4b6e9ab76b1e172d015eb84d84fa2ebf8f65095ba911a37916b48
    Size: 54.68 kB
  7. php-mbstring-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: 6c253ee50d2bea56dbd6c090e1e82c9b
    SHA-256: 2bd732ec0939fcbd6fc1ecd8e31dad6a88240f12f9159f0b29181cf6f5780252
    Size: 507.16 kB
  8. php-mysql-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: 49cfafa84237239026dc284c687928b4
    SHA-256: baebe28b48cb6686c036513cd754c5e830655989c924f85dd9185a790e2b8cea
    Size: 103.31 kB
  9. php-odbc-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: 452797efc727107d4d0b6ce355ba1d86
    SHA-256: 2a51cca92fb380eef728a9190964240222e7f4871a180b20de9d1e432ebd9d16
    Size: 67.58 kB
  10. php-pdo-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: 7fb8f703ff551f594f2bd01403c85dcf
    SHA-256: 35ea62d09bd3e63364fe37e4d4b64ae91cac9e26357bdd3db4ae6e46bb596933
    Size: 100.91 kB
  11. php-pgsql-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: 0af5d615ee82e11f0e42642cd2580870
    SHA-256: fb40f4db8a7f28a66910481145337416647211168983082d4eb116ce4cbbe7db
    Size: 88.16 kB
  12. php-process-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: d9c53232348b474aabfd8e3832ca9c0a
    SHA-256: c293cdbdfe53ea812582718b998a9d833ef99238d9b88d4a4dd7b3a3679d2405
    Size: 57.98 kB
  13. php-recode-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: 0cabd1b1badd37f1255de199ef7aaf46
    SHA-256: 39105d75ed30c97f50ffa3276edc32f2f8ae8844eb4b7f4faa7d58ad3854abd6
    Size: 40.63 kB
  14. php-soap-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: ae1a2409a4735db2793ec8363db0facd
    SHA-256: 8d636e20cfde93f3e1a65d6bcb3075cf3ddb0bbbc222127864efad2e19867996
    Size: 160.86 kB
  15. php-xml-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: e268bd8549c23ee11576491edb0f691b
    SHA-256: 5b0f56edbcef29f1091fa4929706052b76d06f9202960a5d82eef91edf04d9f8
    Size: 129.21 kB
  16. php-xmlrpc-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
    MD5: 181efd89d9f804519088266af53e1440
    SHA-256: 9455c0f910dfad37c93b3da51cb71cb72530b6b225819587632515bb2d684108
    Size: 70.26 kB