[security - medium] php:8.1 security update, php-pecl-zip-1.20.1-1.module+el9+1083+e013c29a, php-8.1.32-1.module+el9+1083+e013c29a
エラータID: AXSA:2025-9901:01
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP
Server.
Security Fix(es):
php: Leak partial content of the heap through heap buffer over-read in mysqlnd
(CVE-2024-8929)
php: Single byte overread with convert.quoted-printable-decode filter
(CVE-2024-11233)
php: Configuring a proxy in a stream context might allow for CRLF injection in
URIs (CVE-2024-11234)
php: Header parser of http stream wrapper does not handle folded headers
(CVE-2025-1217)
php: Stream HTTP wrapper header check might omit basic auth header
(CVE-2025-1736)
php: Streams HTTP wrapper does not fail for headers with invalid name and no
colon (CVE-2025-1734)
php: libxml streams use wrong content-type header when requesting a redirected
resource (CVE-2025-1219)
php: Stream HTTP wrapper truncates redirect location to 1024 bytes
(CVE-2025-1861)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2025-1217
CVE-2025-1734
CVE-2024-11233
CVE-2024-11234
CVE-2025-1861
CVE-2025-1736
CVE-2025-1219
CVE-2024-8929
Modularity name: "php"
Stream name: "8.1"
Update packages.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server.
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.
N/A
SRPMS
- php-pecl-apcu-5.1.21-1.module+el9+1083+e013c29a.src.rpm
MD5: a4d415b12dd578b9e31ce59446ab92d8
SHA-256: 751439e19af1522ef864de010844a451529ccdfe9e229faafd61bb981b7f97dc
Size: 102.55 kB - php-pecl-rrd-2.0.3-4.module+el9+1083+e013c29a.src.rpm
MD5: ba64a4bf06880b9e6812fc6359096c2f
SHA-256: 12c2e8dd50bd448467a8994069a9433f8ce15e441a35a04b80947e3b02b7d6ae
Size: 29.67 kB - php-pecl-xdebug3-3.1.4-1.module+el9+1083+e013c29a.src.rpm
MD5: ff57af897eea991aa15be6fc4b933d5f
SHA-256: 7b031f3cc0eb88676d510444859a1e0cfa2a65c0250de3a500f6aa6bfb944ea7
Size: 434.61 kB - php-pecl-zip-1.20.1-1.module+el9+1083+e013c29a.src.rpm
MD5: e27e9fa1ec01474e2fe4c3f64a6c35b6
SHA-256: 95c75b3bf848a1558d51fba3722041b8717bb79e6292f56ff4e1eddfea3dec29
Size: 353.14 kB - php-8.1.32-1.module+el9+1083+e013c29a.src.rpm
MD5: 9b7321cc2b5d4de218e73b69096bd617
SHA-256: d90bca9b9111c4641dcba77cb7496969d2bbb53179f98e3cc13d4f4157c25d0a
Size: 11.47 MB
Asianux Server 9 for x86_64
- apcu-panel-5.1.21-1.module+el9+1083+e013c29a.noarch.rpm
MD5: a029630071726c161d06f45774574f50
SHA-256: 66827f8db47a8ea26dc00f6080ea70f33d299b6d690133b1600640c8e87c0b75
Size: 18.69 kB - php-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 804ae406d0cc5f4906196a18a243b3eb
SHA-256: 2465745fe65484400320df466d1191922b18ce3bca9599372a5840be0b02f499
Size: 7.17 kB - php-bcmath-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 1022a07ea636abc6a98e3ec1e3d1281e
SHA-256: ff7fe35b1f62c59bb611a8311ca799b6fba17fdea07ea19468f502acbe5a62d1
Size: 32.57 kB - php-cli-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: c23448703ffc3f92b4ef114f8cd63df4
SHA-256: e7e927b5cbc7f6f8f736fb9a26da9aa29c932803708d3fd784e4f14943430529
Size: 3.49 MB - php-common-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: b99450f450ac695e165ffb73121645a4
SHA-256: bed61495ed37edda209289f16aac5d27e75646ac2c04c2d737f2464ed8427094
Size: 689.21 kB - php-dba-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 9057c19c6fead3a6c4089943a6f208cc
SHA-256: 10ee460c8403f50af26dc055df32c70799489db32d36df270809f6210e4c4524
Size: 31.96 kB - php-dbg-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 2a610c6ed56ead3f8436efd6b3d2a4db
SHA-256: 3c84ef055bd05d629cdb1f830647eba7f8408ea7890a1c91e7660dd83950e945
Size: 1.81 MB - php-debugsource-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: b1e145ad05b22d67a785ce6bf116a128
SHA-256: c82131de621173554284a8b201150fd0a7cc4253e866116bf8cd581c2df8573a
Size: 4.17 MB - php-devel-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: c5a594ebe32209c9908bdb4d1df15b50
SHA-256: 8e9f9c06a4d536e88736a9aa886ecb36565b500472deaaac0c1602651edef43a
Size: 751.52 kB - php-embedded-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 71eea6f095b12deb6b7d79fc8cdbe011
SHA-256: 06200b80d188e622fe62bb02f0f48ab6a6b23b8fdd09d74da41c09704bcee8fd
Size: 1.71 MB - php-enchant-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 0b34e7dfc34da577bfed0d1de46f7913
SHA-256: d9c8497e3a15eae4168dced1521b4817ef9ddce3705731b78b8c856f05d908d3
Size: 16.88 kB - php-ffi-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 377d31ea135f96dc69a09c6d17c85b3e
SHA-256: 6b68a0955e5819414582db362bcceeaf796d1a1fe8fba91c19ca9ed2b5da371c
Size: 74.89 kB - php-fpm-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 30667f6fe7ac333c1a61535098558591
SHA-256: 49b51b1c7e401b810c326e8596a9b6e040366f9f9f524c04ea766f4404e40f19
Size: 1.80 MB - php-gd-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: aa5e86c46b20eac3729326a69a391d0e
SHA-256: 4d51141a74c2569d3deef7b2ce5ba4912c55b8874255d41d7fe7298b6a826572
Size: 39.50 kB - php-gmp-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 81f52f602075ce33cf0bd79664fe632d
SHA-256: e64a0c3270929bf1f4689c5d8318cecd243a5b98237d0a8a74e068a8d217d676
Size: 29.56 kB - php-intl-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: f3359e22f35bc932fcdb181dade85fef
SHA-256: 08c132d1c672a42ce01313fe80682b0aeecbc6605253e9d1bdadfcef8fdf6669
Size: 151.15 kB - php-ldap-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 5158a78cf5a9d12c2d28494796b23aca
SHA-256: c6dc071a368485cd097aa8a3291b8df34e6f2aafac47e93c3e1c97c4c5554b15
Size: 40.38 kB - php-mbstring-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 9a35909993027b46570b2c285651a2bf
SHA-256: 301c702b1f3a4d34d4514cd3f613d26089aa1abd207f0b47a43a9a5ee8d277de
Size: 471.30 kB - php-mysqlnd-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 89aebef6c155342eb6b93102645d801b
SHA-256: ad06be43d9199ee12890a4c53e6d4db958d649786444cffdf7b5b68277a66d0d
Size: 143.53 kB - php-odbc-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 8bef361d7e9ea27ea496819777476c41
SHA-256: 38380fb33afb6e4132994bd0d0b71cb2c0f4e7cc393e2514c938eea368c93eba
Size: 43.31 kB - php-opcache-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 417187f6ed6a7393c0f102b456b05b0b
SHA-256: 9f60811ae0c3e110c9fc17b2f6eef005447b562abd70cae6fc5be7ba191a66ef
Size: 375.28 kB - php-pdo-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 6425d72b4c82d8fd6efa4a8c859bb8b7
SHA-256: b101f049b3dafe13678eaaee14509896869752a44c3877509a096352961b4532
Size: 81.23 kB - php-pecl-apcu-5.1.21-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 2c7c7529fba5e2cbfcfc6d50bd52bc76
SHA-256: 268b8185d62a14e2e22df7fe48554ff82fe655f11c06165b3e2a364cb9dfe92c
Size: 58.19 kB - php-pecl-apcu-debugsource-5.1.21-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: f9f5bb42b9f40ade80087e9eff035d3e
SHA-256: 3bec51f5941af6013be96ab14400e6cf477b59e966728a98364f15b1b522520b
Size: 51.74 kB - php-pecl-apcu-devel-5.1.21-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 5f56fab4201b637d91fcc7c60debe742
SHA-256: e5f60b4f789590c0b88b0b548e7ae355a678716ce3051b1c8fd860120ba713c5
Size: 64.85 kB - php-pecl-rrd-2.0.3-4.module+el9+1083+e013c29a.x86_64.rpm
MD5: c704a66fae8a08fa50e600425097dbc2
SHA-256: e66b7c165c60798654bc310743efa766280c4328d5a1d73d23ede6da3c970961
Size: 26.44 kB - php-pecl-rrd-debugsource-2.0.3-4.module+el9+1083+e013c29a.x86_64.rpm
MD5: a2651c635b862bcea8685d316bc54524
SHA-256: 8d834a463d256f0948da73a2e34f9919d7af0822b0ccc3151d20d2c1c3202a36
Size: 17.68 kB - php-pecl-xdebug3-3.1.4-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 14c78d0ac84b81adc7c2bc6ee457aaae
SHA-256: ce406e67498320a01100507a669e8366c995efb5d3bc41fe9dfbba475894a463
Size: 195.79 kB - php-pecl-xdebug3-debugsource-3.1.4-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 5dc4bec1c624ad8d3a8ec1ed2f293383
SHA-256: 8331e73c5e10c575f8458ef3fe83835eb64cf0369c0832d26e36ec1f35236a2b
Size: 154.99 kB - php-pecl-zip-1.20.1-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: c70ec82f5b12b96d0fd48b5f843c99f2
SHA-256: b6ff592d095f15bd3bd6e6007013fad547796206f9deb67a2f3fe4c520e4b2a3
Size: 61.19 kB - php-pecl-zip-debugsource-1.20.1-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: b55990b0e1668c794b158db4c7e74a18
SHA-256: 299ecfcf7dcf5ec55dee2ac6dcf4e003e26eae00b5f958fe3e0e10f2a16d789e
Size: 27.98 kB - php-pgsql-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 746bdd9810cb44eebd37becfb043cd58
SHA-256: 13d302e75fb0f9f0d1492a546a63667979245fc92955a36bed4f7768aa8e425d
Size: 72.63 kB - php-process-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: 53895c92d345107f0e3deae364bbe5c1
SHA-256: 31840d140509d7af1f58abaaf17466f7f602fbd4c234b6d22fc1776af09a0f27
Size: 39.92 kB - php-snmp-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: ad9801e66fc3f82fe53385795072b911
SHA-256: f6e71af968543aa4f29df669bc76562cb81e93478b8037cb3af4317c9cf6f5c2
Size: 29.67 kB - php-soap-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: acdd87d3a1b7a40b504c0e042116fb62
SHA-256: 13c204c92630ff1fc66439c9cdbb34c43dcbc59f38831335304e617619246e34
Size: 137.64 kB - php-xml-8.1.32-1.module+el9+1083+e013c29a.x86_64.rpm
MD5: ffee3fa4b404e3e50606009e9724d5cd
SHA-256: 0224501d64e4174e14dfacbdd7d80510a6b6178e0aee038f14cac45b8e8cab9c
Size: 142.57 kB