php-8.0.30-3.el9_6

エラータID: AXSA:2025-10450:05

リリース日: 
2025/07/14 Monday - 14:11
題名: 
php-8.0.30-3.el9_6
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

以下項目について対処しました。

[Security Fix]
- PHP の HTTP レスポンスヘッダーの解析処理には、入力データの
チェック処理に不備があるため、リモートの攻撃者により、情報の
漏洩を可能とする脆弱性が存在します。(CVE-2025-1217)

- PHP の DOM および SimpleXML 拡張機能には、入力データのチェック
処理に不備があるため、リモートの攻撃者により、情報の漏洩を可能と
する脆弱性が存在します。(CVE-2025-1219)

- PHP の HTTP レスポンスヘッダーの解析処理には、入力データの
チェック処理に不備があるため、リモートの攻撃者により、情報の
漏洩を可能とする脆弱性が存在します。(CVE-2025-1734)

- PHP の HTTP ヘッダーの解析処理には、入力データのチェック処理に
不備があるため、リモートの攻撃者により、情報の漏洩を可能とする
脆弱性が存在します。(CVE-2025-1736)

- PHP の HTTP リダイレクトの解析処理には、location バッファーの
サイズが推奨値より小さい問題があるため、リモートの攻撃者により、
情報の漏洩を可能とする脆弱性が存在します。(CVE-2025-1861)

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2025-1217
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
CVE-2025-1219
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
CVE-2025-1734
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.
CVE-2025-1736
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted.
CVE-2025-1861
In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. php-8.0.30-3.el9_6.src.rpm
    MD5: 773db59cf6ed7e5332cb28b2adfa90e9
    SHA-256: 5edf8c0810c438b242bbf208b925b528efa347448f1501fb3ffcc93d6b7ac213
    Size: 10.56 MB

Asianux Server 9 for x86_64
  1. php-8.0.30-3.el9_6.x86_64.rpm
    MD5: 5dfe95874ff17d8853040b6d3bca5e66
    SHA-256: 805cd4c1f4e5847a885a17d79306a24ca87ba53c2faa2516040f4db51dc9228a
    Size: 8.18 kB
  2. php-bcmath-8.0.30-3.el9_6.x86_64.rpm
    MD5: 708a9e614b3a20b477997ad29f1cb533
    SHA-256: f3807f28ceec8e2fcaf711c0d4e7a54ffc0ec31579d39277a9874e81e1cd8a1a
    Size: 33.70 kB
  3. php-cli-8.0.30-3.el9_6.x86_64.rpm
    MD5: 0c7f8223af79d1a0b35df99c4f8a8a4a
    SHA-256: ed94f6aa8dd5f695dbd3831f9718e0ab549a94be9036554b1ad91ff9c8038687
    Size: 3.10 MB
  4. php-common-8.0.30-3.el9_6.x86_64.rpm
    MD5: 72a5f09680902336810e062f86538388
    SHA-256: 78b9a2de6dd32a66791f131f15a3eb0fc00db228ad1171d24398beedf8769980
    Size: 679.93 kB
  5. php-dba-8.0.30-3.el9_6.x86_64.rpm
    MD5: d293e10a7bbfbe3254ff53ea60d60c04
    SHA-256: ffb87e7cf224c21005f99ba66e68f1fc48152138c982aac4f5a5760d9d90c490
    Size: 32.54 kB
  6. php-dbg-8.0.30-3.el9_6.x86_64.rpm
    MD5: 4cf09920f5bf66a4e393658d3dd57ce9
    SHA-256: dfb66fbe7628a7a5c180ec139a2dee0a1af1a775147302cabd0f9ad898cf7b6e
    Size: 1.63 MB
  7. php-devel-8.0.30-3.el9_6.x86_64.rpm
    MD5: af0c30e95d3ae1413b34810241b093ab
    SHA-256: e163d441d35ba66a2b5fdd3b258f9ab2ee21503815d37ae6e5485472c29c2c1a
    Size: 724.89 kB
  8. php-embedded-8.0.30-3.el9_6.x86_64.rpm
    MD5: 7d3d118a58470c4901903190bbbc700e
    SHA-256: 28e9c39949aefd9ae318c1f67a5182833d0336ede05ed36fa6ab4ce4635c9dd3
    Size: 1.52 MB
  9. php-enchant-8.0.30-3.el9_6.x86_64.rpm
    MD5: c8bfa5749f17be89c9d700371da9f77e
    SHA-256: e38176f05f7cf5203ae49bb459fd61f48ac8817c07e44fa5d7a1ada4e9cf4451
    Size: 18.00 kB
  10. php-ffi-8.0.30-3.el9_6.x86_64.rpm
    MD5: 15f54f8e98005c39ceda7d7d8ec34799
    SHA-256: eac2bf1cd381966f919dd8df58afea475de88165bc79000ee878b404279d950f
    Size: 72.83 kB
  11. php-fpm-8.0.30-3.el9_6.x86_64.rpm
    MD5: ed754021c4d7990fcf795f26c2ee3b02
    SHA-256: c16d93b410fe896032f25f2cb55d0e0b47e4d1ec5d49555b2db45ed9c50f8d44
    Size: 1.60 MB
  12. php-gd-8.0.30-3.el9_6.x86_64.rpm
    MD5: d2bfd221ab818cba462ee2f1fc71d618
    SHA-256: 6a026b08fdb4a2a51570ca3caba2133c1fd78f10876e3495ef4e8df09bd48702
    Size: 39.52 kB
  13. php-gmp-8.0.30-3.el9_6.x86_64.rpm
    MD5: 246ba4d88760b991d8fd2d3b2c5b90f2
    SHA-256: bbaf57e0b02d7061fa29a165b14d08b629b627eb0d3817de8faf71a1e1ad0991
    Size: 29.92 kB
  14. php-intl-8.0.30-3.el9_6.x86_64.rpm
    MD5: 7b453f85acd59ecffcaeefa39c292e88
    SHA-256: 5941659e6e50d269e0b664a2396d8019e7f8a1d405afe0496b9fcf5cb7725b93
    Size: 149.33 kB
  15. php-ldap-8.0.30-3.el9_6.x86_64.rpm
    MD5: bf36a1dfcd7f17b9ca1e81040d1c42d0
    SHA-256: af285b1b63884f0f4d846c0a22e6e552dcc04f08301b6f539448b34e56f6e031
    Size: 39.28 kB
  16. php-mbstring-8.0.30-3.el9_6.x86_64.rpm
    MD5: d626e831d493aaff46eb7d31d497b340
    SHA-256: 1a8df29bd633e314954831769d765a81a636680755fc14b1245dce729994d6f2
    Size: 468.76 kB
  17. php-mysqlnd-8.0.30-3.el9_6.x86_64.rpm
    MD5: c1154a21a9607cf3ab9eb0c4a9c02c12
    SHA-256: 4f1d6f15cb8d39fb3e6fa08f884754e7b23fb296e8ce55071f95a31f91029c3f
    Size: 150.73 kB
  18. php-odbc-8.0.30-3.el9_6.x86_64.rpm
    MD5: d769779f873498254285bb39d86d2a0a
    SHA-256: e3d8218c81483950b190c3f9081aac80ada61239e280019800bc9d6c1dd81811
    Size: 43.50 kB
  19. php-opcache-8.0.30-3.el9_6.x86_64.rpm
    MD5: 098e5c810de4320febf088a64e293b98
    SHA-256: 8cb2615f90f844ef6f71da0018d02e88a86c448e443d788da1711ac43b3b1f43
    Size: 510.05 kB
  20. php-pdo-8.0.30-3.el9_6.x86_64.rpm
    MD5: f29099d7c162ebb4672729dc16827cde
    SHA-256: 22b86a24985eb237a2e93f03ad95dde2308cd72e6942f551f352cc946cd3c97d
    Size: 81.48 kB
  21. php-pgsql-8.0.30-3.el9_6.x86_64.rpm
    MD5: 058dac3eb5fcca2442ba00b0a1a5b63f
    SHA-256: 05d076a629294c38babad6e14f58c34c14bd720c7c2dcf4694aa0addf894eb31
    Size: 71.22 kB
  22. php-process-8.0.30-3.el9_6.x86_64.rpm
    MD5: d4983f8a273eb44ae3b0ea683dd9f4bf
    SHA-256: 4c6f2f22333229e7a7257bd80b1902d40f7a4a5d6b2ae48b90b71fd5042e280a
    Size: 40.83 kB
  23. php-snmp-8.0.30-3.el9_6.x86_64.rpm
    MD5: 223aaa6148c1612d76508682c107a1e9
    SHA-256: b0d541c36553c9358965a5b3089ca540a9b22935d0f30c024e322fd47b07cf00
    Size: 29.45 kB
  24. php-soap-8.0.30-3.el9_6.x86_64.rpm
    MD5: bef219abbe671b58fd2ab79850e3da6d
    SHA-256: 7e8e04f1d3f6dbd3d6c2272f87c2a48435e9760ce89e5f44563f6eb87333f1eb
    Size: 133.21 kB
  25. php-xml-8.0.30-3.el9_6.x86_64.rpm
    MD5: ec53b7f1299c080bd07fdf0fa6a8210e
    SHA-256: a59523dd025a410275aa123246fbbf00a513599ca5b5469b015503d94e1da236
    Size: 132.98 kB