php-5.4.16-48.0.6.el7.AXS7
Errata ID: AXSA:2025-10014:03
Release date:
2025/06/16 Monday - 11:36
Title:
php-5.4.16-48.0.6.el7.AXS7
Affected channels:
Asianux Server 7 for x86_64
Severity:
Moderate
Description:
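The following issues have been addressed.
[Security Fix]
- The HTTP response header parsing in PHP does not properly check input data, resulting in a vulnerability that allows a remote attacker to cause information disclosure. (CVE-2025-1217)
- The HTTP response header parsing in PHP does not properly check input data, resulting in a vulnerability that allows a remote attacker to cause information disclosure. (CVE-2025-1734)
- The HTTP redirect parsing in PHP uses a location buffer that is smaller than the recommended size, resulting in a vulnerability that allows a remote attacker to cause information disclosure. (CVE-2025-1861)
Solution:
Update the packages.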
CVE:
CVE-2025-1217
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
CVE-2025-1734
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.
CVE-2025-1861
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing an HTTP redirect in the response to an HTTP request, there is currently a limit on the location value size, caused by the location buffer being limited to 1024. However, as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.
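The three CVE descriptions above each name a concrete property of the upstream server's response. As an added example (not part of this advisory or of PHP's code), the following Python function audits a captured raw response head for those properties; the sample response is constructed, and treating a Location value longer than 1024 bytes as the exact trigger boundary is an assumption based on the CVE-2025-1861 text.

```python
LOCATION_BUF = 1024  # location buffer size quoted in the CVE-2025-1861 text


def audit_response_head(raw):
    """Return (cve, line_no, reason) findings for one raw HTTP response head."""
    text = raw.replace(b"\r\n", b"\n")               # accept CRLF or bare LF
    lines = text.split(b"\n\n", 1)[0].split(b"\n")   # drop the body
    findings, fields, prev = [], {}, None
    for no, line in enumerate(lines[1:], start=2):   # line 1 is the status line
        if not line:
            continue
        if line[:1] in (b" ", b"\t"):
            # Continuation of the previous header (folded header, CVE-2025-1217).
            findings.append(("CVE-2025-1217", no, "folded header line"))
            if prev is not None:
                fields[prev][1] += b" " + line.strip()
            continue
        name, sep, value = line.partition(b":")
        if not sep:
            # Not a valid header field at all (CVE-2025-1734).
            findings.append(("CVE-2025-1734", no, "header line without a colon"))
            prev = None
            continue
        prev = name.strip().lower()
        fields[prev] = [no, value.strip()]
    if b"location" in fields and len(fields[b"location"][1]) > LOCATION_BUF:
        # Redirect target that an unpatched parser may truncate (CVE-2025-1861).
        no, value = fields[b"location"]
        findings.append(("CVE-2025-1861", no,
                         "Location value of %d bytes" % len(value)))
    return findings


# Constructed sample response head, for illustration only.
SAMPLE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Content-Type: text/html;\r\n"
    b"  charset=utf-8\r\n"
    b"X-Broken header without colon\r\n"
    b"Location: http://example.test/" + b"a" * 1100 + b"\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for cve, line_no, reason in audit_response_head(SAMPLE):
        print("line %d: %s (%s)" % (line_no, reason, cve))
```
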
Additional information:
N/A
Download:
Asianux Server 7 for x86_64
- php-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: 6848e7ecf7880cfb29f17217a223368e
SHA-256: 54b27d457b2f6e1c6263951694c28056ae90d42256a7cb0554d594096e80e06b
Size: 1.36 MB
- php-bcmath-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: d64001a5ada036fb523f3d711072ac06
SHA-256: 9e08215206843870f3261dce5d07127b15e30e84e13fb78c29d39d9610862bfb
Size: 59.71 kB
- php-cli-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: 6fce430a562b6d097a93da94d0d6d771
SHA-256: edbe9153c6f39926ba72c03406a111b913093d31f058aac06c746fca63a6e43e
Size: 2.75 MB
- php-common-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: 374aec43a4695eab5053d4d68bd51504
SHA-256: dcdf62d7e8d5141bfc08a76fb53d35b9dfc2f6acaad55ddbd91c83013c30d77d
Size: 566.94 kB
- php-gd-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: 043e52ba4e6f5a9339454a86e14e737f
SHA-256: 1db44acbf8d9fb6a9b36adb473723c278c621867770264529b609c9a7b5d9dda
Size: 129.57 kB
- php-ldap-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: acdf0695281131f9fd77fc37ffd1e684
SHA-256: 016983511aa4b6e9ab76b1e172d015eb84d84fa2ebf8f65095ba911a37916b48
Size: 54.68 kB
- php-mbstring-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: 6c253ee50d2bea56dbd6c090e1e82c9b
SHA-256: 2bd732ec0939fcbd6fc1ecd8e31dad6a88240f12f9159f0b29181cf6f5780252
Size: 507.16 kB
- php-mysql-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: 49cfafa84237239026dc284c687928b4
SHA-256: baebe28b48cb6686c036513cd754c5e830655989c924f85dd9185a790e2b8cea
Size: 103.31 kB
- php-odbc-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: 452797efc727107d4d0b6ce355ba1d86
SHA-256: 2a51cca92fb380eef728a9190964240222e7f4871a180b20de9d1e432ebd9d16
Size: 67.58 kB
- php-pdo-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: 7fb8f703ff551f594f2bd01403c85dcf
SHA-256: 35ea62d09bd3e63364fe37e4d4b64ae91cac9e26357bdd3db4ae6e46bb596933
Size: 100.91 kB
- php-pgsql-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: 0af5d615ee82e11f0e42642cd2580870
SHA-256: fb40f4db8a7f28a66910481145337416647211168983082d4eb116ce4cbbe7db
Size: 88.16 kB
- php-process-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: d9c53232348b474aabfd8e3832ca9c0a
SHA-256: c293cdbdfe53ea812582718b998a9d833ef99238d9b88d4a4dd7b3a3679d2405
Size: 57.98 kB
- php-recode-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: 0cabd1b1badd37f1255de199ef7aaf46
SHA-256: 39105d75ed30c97f50ffa3276edc32f2f8ae8844eb4b7f4faa7d58ad3854abd6
Size: 40.63 kB
- php-soap-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: ae1a2409a4735db2793ec8363db0facd
SHA-256: 8d636e20cfde93f3e1a65d6bcb3075cf3ddb0bbbc222127864efad2e19867996
Size: 160.86 kB
- php-xml-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: e268bd8549c23ee11576491edb0f691b
SHA-256: 5b0f56edbcef29f1091fa4929706052b76d06f9202960a5d82eef91edf04d9f8
Size: 129.21 kB
- php-xmlrpc-5.4.16-48.0.6.el7.AXS7.x86_64.rpm
MD5: 181efd89d9f804519088266af53e1440
SHA-256: 9455c0f910dfad37c93b3da51cb71cb72530b6b225819587632515bb2d684108
Size: 70.26 kB