php:8.2 security update

エラータID: AXSA:2026-118:01

リリース日: 
2026/02/02 Monday - 16:53
題名: 
php:8.2 security update
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

以下項目について対処しました。

[Security Fix]
- PHP には、ホスト名の検証に問題があるため、リモートの攻撃者に
より、サーバサイドリクエストフォージェリ攻撃を可能とする脆弱性
が存在します。(CVE-2025-1220)

- PHP の getimagesize() 関数には、メモリ領域の範囲外読み取りの
問題があるため、リモートの攻撃者により、情報の漏洩を可能とする
脆弱性が存在します。(CVE-2025-14177)

- PHP の array_merge() 関数には、メモリ領域の範囲外書き込み
の問題があるため、リモートの攻撃者により、データ破壊、および
サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2025-14178)

- PHP の PDO PostgreSQL ドライバには、NULL ポインタデリファレンス
の問題があるため、リモートの攻撃者により、サービス拒否攻撃を可能
とする脆弱性が存在します。(CVE-2025-14180)

- PHP には、NULL ポインタデリファレンスの問題があるため、
リモートの攻撃者により、サービス拒否攻撃を可能とする脆弱性が
存在します。(CVE-2025-1735)

- PHP には、NULL ポインタデリファレンスの問題があるため、
リモートの攻撃者により、サービス拒否攻撃を可能とする脆弱性が
存在します。(CVE-2025-6491)

Modularity name: php
Stream name: 8.2

解決策: 

パッケージをアップデートしてください。

CVE: 
CVE-2025-1220
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation that the hostname supplied does not contain null characters. This may lead to other functions like parse_url() treat the hostname in different way, thus opening way to security problems if the user code implements access checks before access using such functions.
CVE-2025-14177
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
CVE-2025-14178
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
CVE-2025-14180
In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.
CVE-2025-1735
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid.
CVE-2025-6491
In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly large (>2Gb) XML namespace prefix may lead to null pointer dereference. This may lead to crashes and affect the availability of the target server.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. php-pecl-apcu-5.1.23-1.module+el9+1126+0eff5f17.src.rpm
    MD5: dd5b99eddf5bb3038886055f3f539629
    SHA-256: 6b0a006106bc096acd6a9946dac7c2a94e62cefa024c862c438bfde5fb80f453
    Size: 101.79 kB
  2. php-pecl-rrd-2.0.3-4.module+el9+1126+0eff5f17.src.rpm
    MD5: c9c4e55db001ad531014e9de86720298
    SHA-256: ba403222d46d07602e504032b28f48ff8b5f322ec361a1cbe3377627d83ca255
    Size: 29.67 kB
  3. php-pecl-xdebug3-3.2.2-2.module+el9+1126+0eff5f17.src.rpm
    MD5: 2b0790a5af160a4e9f2f845431a26d08
    SHA-256: cb67fd2a9425695e6d868270535894d7af49b038c7d26ef8e1e77f168583f0a0
    Size: 453.33 kB
  4. php-pecl-zip-1.22.3-1.module+el9+1126+0eff5f17.src.rpm
    MD5: 85c4f01222791f4e1d31d8c0a7e650c5
    SHA-256: 8e5d454f652a7ee9f5ef4057fcd1b38911c509c2f267db4fa2d24321585546d0
    Size: 365.30 kB
  5. php-8.2.30-1.module+el9+1126+0eff5f17.src.rpm
    MD5: 291d5fb4b3613b116597378859393836
    SHA-256: 33f4677bb29ea2cd9c7e6cad3660c2a50d5c76ea7198bafe22d3ba3bfdcdd39d
    Size: 11.72 MB

Asianux Server 9 for x86_64
  1. apcu-panel-5.1.23-1.module+el9+1126+0eff5f17.noarch.rpm
    MD5: 36fd8921fffcc2d7f30420cfd6125080
    SHA-256: 5a5be98281b3054738c93efd532cb94699ebc6b6de7235eee4180f5948b63ed1
    Size: 18.22 kB
  2. php-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 7f891ad12967044282e60d508165618f
    SHA-256: 46a28ebb285eaddd4dd17e1c7477b14f2ff74b127fa68ccc6c427aef08677979
    Size: 7.18 kB
  3. php-bcmath-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 7e970323935eabe42b4e795835160bee
    SHA-256: 4772c8aac4697fab90ff555b212b53d85efdae388362d55047c80625733a21bb
    Size: 32.29 kB
  4. php-cli-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: c855ff691801d8d990fc32ee4b4c606e
    SHA-256: 5ecf0ae4b1102acc9bb4142100c4ea0d162762f338d9aed8f8e821d7a45e33c1
    Size: 3.58 MB
  5. php-common-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: af1f82e3c8257205a0a0860f8198d964
    SHA-256: 1d44a10bf3e99ab6bd39702ae834ab4277479da5d115110cf9727fa2b9c4e453
    Size: 719.75 kB
  6. php-dba-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 00b8cb2ef31e54a1b96d5ccc18b58bd9
    SHA-256: be6c824fa6cbb8adb7dd1c6cc16708e16ace9696adf138e6365d145bc49e07f4
    Size: 31.54 kB
  7. php-dbg-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: b856030a2684db63cdccefd5c2e169c7
    SHA-256: 7586758eb7d67dbbfcf81eb14f1e633d7c3157447fa255693a6309cd818e2d06
    Size: 1.86 MB
  8. php-debugsource-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 7f315e6d5f545ac11100ada97aee6972
    SHA-256: 7cdcf246fab2b61b7f22c849be90713c6d2242ab53e93f0738c84bd2b754b13a
    Size: 4.28 MB
  9. php-devel-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: f3a8d55ce63696bdc17ac915550327b2
    SHA-256: c905a65fc4d3ee7234348bb1e7a934b906fff75eab5b382a84405fda3dc39304
    Size: 773.97 kB
  10. php-embedded-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: b1f89a287fc6215d22d5dc79507453e8
    SHA-256: 9dd03775b6995fda204cca5aa9be4ef6a8c22bd529d064f65921bc1813797712
    Size: 1.76 MB
  11. php-enchant-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 7ca44fa1784d59fce86e694a36d0f0ee
    SHA-256: 34192844005acc2bea06a95cfb28825349e155b16d9a5350a4ebec7de1cbe9bb
    Size: 16.73 kB
  12. php-ffi-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 0ce8e718afa115ef6095fc4101fd9eb3
    SHA-256: 7d47807d8a67503a517095f20a654d34841ef9b8bb94b6baad3f76dfa82a0885
    Size: 76.64 kB
  13. php-fpm-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 3656084cb952b3894f33e6139a4a37d5
    SHA-256: d63141db7d8ddd572f5a28fab434e6f410ba0b4c36ba03a2c0b94f8f5386ed10
    Size: 1.85 MB
  14. php-gd-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 5900e54c2469c2bd9aca22044db62d71
    SHA-256: 2342e331bfa6d03f9d930ba32037193c8beaff15b9cbc398a90cae13ee1ceb1b
    Size: 39.47 kB
  15. php-gmp-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 88aaa5a24242f281bc8ae22af5dc3767
    SHA-256: dd665f57cb4d48e68661fab4e557c096956d62f77f588942b4995301616fccd9
    Size: 29.81 kB
  16. php-intl-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 94b9ee99ed55ae41195cbffab6f9abd5
    SHA-256: 23f31036bcfae96d25545ea0b5ebef3331e0ea6241f5862e6001767fd80f6033
    Size: 165.54 kB
  17. php-ldap-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 65f5fefb19b874908d38f8a6a9f56ee0
    SHA-256: 4d79f412c54aecd919e24beb826679eb56f2df2e3126ea74cac9a57ad485f1db
    Size: 40.65 kB
  18. php-mbstring-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: d1b14cae709d35bc27ea639b9b906392
    SHA-256: f403de60bdd62e76959f33d32e259821b7497fc2dbcb89801d7cb96f4a34592e
    Size: 518.49 kB
  19. php-mysqlnd-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 03cbb1ce04a6ebdfdbff7af5a840ab2d
    SHA-256: 28e134b4a6332b253891a13c1109e3c88dcd7ca8af8f096c767d2f71a0811746
    Size: 143.45 kB
  20. php-odbc-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 05118b695ce2be5d356fd689bf69dc7c
    SHA-256: 374112a56936bf1640713cdd16f7947c59428d7b0724f03393d53657fe66a1cb
    Size: 44.65 kB
  21. php-opcache-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 3d2144280b0abd8aadb3f1c91a6eaab4
    SHA-256: 6a889897a5db03e89c91cbe66863edf002f43ec697681ef4ed73d5468f22957f
    Size: 374.97 kB
  22. php-pdo-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: c00f7ba1541e118da31cade98cad2287
    SHA-256: ba48b6dcdf982d8dd2016f5b466a75b198821b025c181793b8e30cca58565119
    Size: 83.82 kB
  23. php-pecl-apcu-5.1.23-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 3cc8b1a47ca15158736aa0e3d6449928
    SHA-256: 6d1b249e8c8856ae2ce651095c6c47779b87565470d91c2a7a761b98e15e8bb7
    Size: 59.41 kB
  24. php-pecl-apcu-debugsource-5.1.23-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 3af847b5e00700265ffdfb00710f327c
    SHA-256: 478a24051d954636193aafcffa3d4bbdd521f3d668440e22be67a99763c36edd
    Size: 52.55 kB
  25. php-pecl-apcu-devel-5.1.23-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: c9f46771b770541013250fa68d5ba500
    SHA-256: bf93f60a4a86fbc63eb0f01c8965f4e54dcbe331faeb288cd84c89bf75f8996c
    Size: 61.63 kB
  26. php-pecl-rrd-2.0.3-4.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 8e06e4aefb7d2ae0528a70c96462c677
    SHA-256: 2b3f840b47c684d79d3d9f47bdf7e55a8f0234b1c988f7ea63e2670451629653
    Size: 26.43 kB
  27. php-pecl-rrd-debugsource-2.0.3-4.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: d480d5180cae99f8ccf2f134835a3006
    SHA-256: df4cb36e8955f44bc823f85b43e4e1295fe682f5f2c55e7fb53f61d933d673d3
    Size: 17.68 kB
  28. php-pecl-xdebug3-3.2.2-2.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: ab687ec55663bd1e0a57df6b13655e2b
    SHA-256: c17ca88eae026a79e00887ede7aa0ac429e48d5d90605c178639b09199be3470
    Size: 200.34 kB
  29. php-pecl-xdebug3-debugsource-3.2.2-2.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 8bd49c923df09cb8288d961734abc866
    SHA-256: 3bf8676d4580c9f8a266ab06461428d46cc1eb7548f49d71095ce8a44d28e1db
    Size: 156.86 kB
  30. php-pecl-zip-1.22.3-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 2cd28a3e76bf4d47a85e0055c101a1c4
    SHA-256: bf7587a508fc3d83bdfb59db652fed46b4e9870c1ca0c47b29ed9d3b3b6ceb08
    Size: 63.16 kB
  31. php-pecl-zip-debugsource-1.22.3-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: e60efe92373efb8a18057f953aae587b
    SHA-256: e1d761fdd250068bba74a186fe42c82d4bfe6da2218d6084e6a2a723683f0bc6
    Size: 30.84 kB
  32. php-pgsql-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: e5eb96c868da29c868f0aca823768183
    SHA-256: 4d805ba4f1cdcae9b32eae16728aae6b737cca7697224174ea4a35f089083db5
    Size: 72.89 kB
  33. php-process-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: fafc76fb3ae67987cb1b323ca0dc1d94
    SHA-256: 0a492749a8f71d89602e001197c574d7ee68f73c728e7fe55cbe8f938595f115
    Size: 39.23 kB
  34. php-snmp-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 66bd49fe0d1ffad891eb3d654a1233a0
    SHA-256: 3cf4ee5de1b85c671852cfc6dec1f572228e0f398bc80dc93439b43e4629c4a2
    Size: 30.88 kB
  35. php-soap-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 2aeb9eb463948604379a217231e712aa
    SHA-256: 7cc2e82313b430b88bdc443dfd82287e9f7695e424cf75333cd0fe195a1b54d5
    Size: 139.71 kB
  36. php-xml-8.2.30-1.module+el9+1126+0eff5f17.x86_64.rpm
    MD5: 4accd13c79396d0a328f91f26998253b
    SHA-256: 22d0d79d4c22da770d017a5034af0055a8eb87151f73977078e008c8bfc1d0e4
    Size: 143.25 kB