php:8.3 security update

エラータID: AXSA:2025-11640:01

Release date: 
Friday, December 26, 2025 - 17:56
Subject: 
php:8.3 security update
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: pgsql extension does not check for errors during escaping (CVE-2025-1735)
* php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix (CVE-2025-6491)
* php: PHP Hostname Null Character Vulnerability (CVE-2025-1220)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-1220
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.
CVE-2025-1735
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
CVE-2025-6491
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.

Modularity name: "php"
Stream name: "8.3"

Solution: 

Update packages.

CVEs: 
CVE-2025-1220
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.
CVE-2025-1735
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
CVE-2025-6491
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.
Additional Info: 

N/A

Download: 

SRPMS
  1. php-pecl-apcu-5.1.23-1.module+el9+1119+f4d8c36c.src.rpm
    MD5: ff5ce2436dc10aeef958cf610d6bd566
    SHA-256: 779360534287d7463d01899fb3126fca0d5f90e798131e2643916307ee1fa19c
    Size: 101.79 kB
  2. php-pecl-redis6-6.1.0-2.module+el9+1119+f4d8c36c.src.rpm
    MD5: df72610513dc781d838b3e7fd60050ad
    SHA-256: 1d6ee27e8890ffff1fadc50746d689f64985eea70a178fa99dd0518f3abbb69c
    Size: 379.60 kB
  3. php-pecl-rrd-2.0.3-4.module+el9+1119+f4d8c36c.src.rpm
    MD5: a15834d5be20285c9c419061e174cb61
    SHA-256: 1c85e7b914cfb325855c54e586a9538c445903bf6d33f6532e2f916e6c44b960
    Size: 29.67 kB
  4. php-pecl-xdebug3-3.3.1-1.module+el9+1119+f4d8c36c.src.rpm
    MD5: 9fa40240ca1d1cd1859714f5d8dad5d0
    SHA-256: 917fbe2092c89062223f9e22686ef55df9f84785c824ae58b6370bc75c579e2e
    Size: 472.95 kB
  5. php-pecl-zip-1.22.3-1.module+el9+1119+f4d8c36c.src.rpm
    MD5: 3fd6781d794b0f34b091bb42664a718f
    SHA-256: 3287bfde6c1bb0240524de135eb0ca96ad82be4dc1d16f4bf543e97234c9d9ef
    Size: 365.30 kB
  6. php-8.3.26-1.module+el9+1119+f4d8c36c.src.rpm
    MD5: c0d3e7d612b0ea8c5d085d6ebcd50556
    SHA-256: 9bd3f0650c81118b70045f05b1c724b01bce531a72ceb72981b58b52fcb1d2f4
    Size: 12.14 MB

Asianux Server 9 for x86_64
  1. apcu-panel-5.1.23-1.module+el9+1119+f4d8c36c.noarch.rpm
    MD5: 28ce9e5d2bbb993c7d05b921a5c52fed
    SHA-256: bd9f303f42dd81bc9f21f548aa1d50b3671452b44d7228a529fe2090d64bd9e2
    Size: 18.21 kB
  2. php-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: db08f6e0805a4893a23a64026e55241e
    SHA-256: 42faec6047e71533b425ff9b7310962bf0c1fb7d8dd8fa13725872a2675f9fa1
    Size: 7.76 kB
  3. php-bcmath-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 06901f2bc1ac35fb0ee51590d27f03d4
    SHA-256: c14f5f90e28170ff3376d9d39b9a1d3808c0ad98886387d1c8c57da4ae592273
    Size: 33.27 kB
  4. php-cli-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 53f1acfaad1d1e3d563081899445faef
    SHA-256: eb97e1a828b2f185bb98c4438e9fc671de50da3e1a139e7a676fe14f944f5536
    Size: 3.72 MB
  5. php-common-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: e44cf9163c7f185af96fd5d0475b92cb
    SHA-256: 4f2613d424843fcae724c470db5f2ea06890735f4103e0d92f616195ca8a8bbe
    Size: 721.99 kB
  6. php-dba-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: fe1da870ee1c924c8ca1a0aba7491e6f
    SHA-256: 56cb4046b0346bab1222ab0967e97287f64b5519634f677257e5e7fefdf733c5
    Size: 32.46 kB
  7. php-dbg-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 90a01eb09b4a7016ecb387bf940af9fc
    SHA-256: 1d43ca6d83c6e924fb1ec9c126654165b51fb8ac0f474f40e2471cc22e176f77
    Size: 1.92 MB
  8. php-debugsource-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 67f9f04cf6ee1e6d76c61429df59244e
    SHA-256: 336ef72dfce5b8d838fcaf1f52165335c1899cca7f5fdac13514616634c37059
    Size: 4.35 MB
  9. php-devel-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: bfd018fff82e8cae299e0fb609c272ff
    SHA-256: bbe12dfa76fada5f7102db4156e92c0cd40d2bfc2f4310326fe9906f15e6ef8d
    Size: 787.52 kB
  10. php-embedded-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 6d43817235f90be46f1fc996ac4c4bae
    SHA-256: aa25181d7d5125ba5d6c7839e64a1c1084add7b7ddd38e201e41a1995836896f
    Size: 1.83 MB
  11. php-enchant-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 680da9d31e4f3141b6bba26917696873
    SHA-256: 77df1733825a9eab120f0be400c43faef84a8d1f57eeb039d0551abfec8b7261
    Size: 17.31 kB
  12. php-ffi-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 083ed3f6d3fbbd57f0a2657046d1733a
    SHA-256: 90c03293c9c379f71df68e9bf49e0cb965538479a22825e7a76b8067c4582bc5
    Size: 77.71 kB
  13. php-fpm-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 71d7a7ec1c98336150b0b5bcb28d8d6f
    SHA-256: b4de60447e929d724634975508e7513d88359860051ece2b17c43da6a32e31d4
    Size: 1.92 MB
  14. php-gd-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 27bce0618e3efe0d349d5efc98394830
    SHA-256: d1f38d7812bc4a84547229665b89a8157e54cb3511fd5a8ababce1476ee22c8e
    Size: 40.40 kB
  15. php-gmp-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 4dbdb8e180c086dcd70667e459b540ad
    SHA-256: 2aa47b238cc14fe64547cdcf1afed0e08bfc4f3cfae3b682ecac320bef088d26
    Size: 30.20 kB
  16. php-intl-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 149ab1ec2026fceb7f7b9da7bc393cb8
    SHA-256: aec401c5336c00123ae2a67635381afc4cbb338cab125c80ee04051cd642af6f
    Size: 169.03 kB
  17. php-ldap-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: baef46d4fb4a24034dda2d84233e7fff
    SHA-256: 43e3bed51f90649e4eb07b5daae0b65f9f047cb570b0e8714347047f6ef3fb03
    Size: 42.01 kB
  18. php-mbstring-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 0402b804a081d352a99fa1c0dc567621
    SHA-256: 97b205d28769f67be2491d127a33c415b2e226b2b7cbe7e4deefc85c5872e859
    Size: 524.14 kB
  19. php-mysqlnd-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: b5b8fdb6c18123843728b5080a6d7678
    SHA-256: cb06210f73cd6b5b9ab48dba22eecbfd9677bcdce777c172b8c4074833b1325c
    Size: 143.77 kB
  20. php-odbc-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 1aa60f77fc9569440301bd5776176ca6
    SHA-256: 0e6d2fcf029a5d7682f2688f95022e52d3c3686cb47abdf9918c217a5bad9f6f
    Size: 45.34 kB
  21. php-opcache-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 5c88e8d9edc6a3f229a21fb60724c2fd
    SHA-256: f616144e03ed1833e05f7d96326332612f820fe1cd398b76ff687cb8f1170378
    Size: 353.05 kB
  22. php-pdo-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: c54e620cd898a0cac460a93a1a662b57
    SHA-256: 96dba1bba4619c3a6b328bdaaaeff08a6510a17b4da22cca957f4f7fa62e15a0
    Size: 85.89 kB
  23. php-pecl-apcu-5.1.23-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 342cc320d330aef4a3f5c27705735bd1
    SHA-256: 3e39f7da37dc67ea526c29646b48853150264ba6c82c4077d6adc35c197c06df
    Size: 59.41 kB
  24. php-pecl-apcu-debugsource-5.1.23-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: f0df16b25d1a39bc8a684c0032e52790
    SHA-256: 2ec9d2e622914e4c219c0fbee6d7ff4903a4e5e38c06e59dbe5875223e8a306f
    Size: 52.55 kB
  25. php-pecl-apcu-devel-5.1.23-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 3b3429d42dbd1276c49e7b8e48d38514
    SHA-256: d74ba43c786e9d28efcd35aff149ae6850e3c7a1b74e0cbbbc073e8a52a05cb9
    Size: 61.65 kB
  26. php-pecl-redis6-6.1.0-2.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 1617df3fd4eee853604455b7bb8a7387
    SHA-256: 27b8b4936bc18fce451bd11812b8e18c4fd60f7ff2a5af18a8eb25d56f889756
    Size: 274.00 kB
  27. php-pecl-redis6-debugsource-6.1.0-2.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: e145fb5fd12a2e92e193aa470b2e2d7d
    SHA-256: 7b667493f96e1cc8f2fbd7445c1fa6a2739d83852aecc5c20479b7787b06ce7e
    Size: 151.45 kB
  28. php-pecl-rrd-2.0.3-4.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: d9fb7b0cfce63920f53cd669fb936b75
    SHA-256: 291935ac61ed3db3b47373deae0252cde3ec9eecfd2fc40c7e676340b3319ab7
    Size: 26.44 kB
  29. php-pecl-rrd-debugsource-2.0.3-4.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: aab8700889d47db18224a214234b146c
    SHA-256: 0c4cc78c07615f0110f34074556ac9147303cb38dc9478b8dd7ce085c8a002cd
    Size: 17.68 kB
  30. php-pecl-xdebug3-3.3.1-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 86e60a27e51e531b6f8aee45e0d83eb7
    SHA-256: bbffcb65f2adc176a9c95d090f59f20b09aa64e19f2d49675bbaf592e3e78636
    Size: 209.65 kB
  31. php-pecl-xdebug3-debugsource-3.3.1-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 52a1d2eb44f3838637db054eeecad486
    SHA-256: 43b0213c0b1754be8b247a3f5c2c600f31f82228b102058e1ddc71616ad483f5
    Size: 165.98 kB
  32. php-pecl-zip-1.22.3-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: b64a6493098cf99c64628661a49b1653
    SHA-256: 3b4eae24fee4c6269ea131e49c56de348cc2a647295bdf55b7d5cbc4d0aece4c
    Size: 63.44 kB
  33. php-pecl-zip-debugsource-1.22.3-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 6183163cf12d6f4f5e9132dfbbb039ad
    SHA-256: 1f60340d1a3d08088b42798bc66950ed35b4f4b0646e8fdafc7aee94c8c7fd41
    Size: 30.79 kB
  34. php-pgsql-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: c09bd8eb34b0e79b4b27e36d312e9b21
    SHA-256: ae0fe131ab862c50f164622c777a8de84637b8838ac298f015ae9da67c29007e
    Size: 74.50 kB
  35. php-process-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: fbdbf18e2ec9b2f848af8754b9eb1dc6
    SHA-256: 0f70645cdc5f4521ed4d172b4abe67b91d82bbc9c8dc68ee8e863dc96f4231f7
    Size: 41.60 kB
  36. php-snmp-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 39cde572e2ac4cca1119732193882d91
    SHA-256: aef2cd0d7d1e55a164cf741aba7acc5f6290a22205d3ff88fd4c087f745f23db
    Size: 31.12 kB
  37. php-soap-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 73f44f13256049864616594df9bfd121
    SHA-256: 524624ed9ce252763f727d8e0d1108976f79c737baeab0fe0eb78f8cd244ac86
    Size: 140.95 kB
  38. php-xml-8.3.26-1.module+el9+1119+f4d8c36c.x86_64.rpm
    MD5: 274ecd164c2733f8c34cb7847af67367
    SHA-256: 44f2c2f68151cd297fdb3e299006140cf3daa6577df8e0e28376cf2cc05f6027
    Size: 150.33 kB