php-8.0.30-5.el9_7

エラータID: AXSA:2026-201:01

リリース日: 
2026/02/19 Thursday - 15:51
題名: 
php-8.0.30-5.el9_7
影響のあるチャネル: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: heap-based buffer overflow in array_merge() (CVE-2025-14178)
* php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images (CVE-2025-14177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-14177
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
CVE-2025-14178
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.

解決策: 

Update packages.

CVE: 
CVE-2025-14177
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
CVE-2025-14178
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. php-8.0.30-5.el9_7.src.rpm
    MD5: fe7de27ef56116f9ae7eb0bbd21168eb
    SHA-256: 67ddfd60cdd74494abe03059fe9ee75f582bd4e4593d448c75b73d7d61fa3862
    Size: 10.58 MB

Asianux Server 9 for x86_64
  1. php-8.0.30-5.el9_7.x86_64.rpm
    MD5: d2315a071dcb2eaee2f5e415218807f0
    SHA-256: d6d52b46c414f843da04bdfffa89cdbe26209db2abe3a9738b67a8f7ce988479
    Size: 8.71 kB
  2. php-bcmath-8.0.30-5.el9_7.x86_64.rpm
    MD5: 9a8835952a5f7b023782592ee519a819
    SHA-256: b07eeea23f5afc5dd8dd3b0a384306cbd50055d734676a44dec9f22f16bd422a
    Size: 33.83 kB
  3. php-cli-8.0.30-5.el9_7.x86_64.rpm
    MD5: e2e9b73716349502991a507f0326b3da
    SHA-256: ee5c6afedc7fdf1ee25c84c0b2d8b998a8e87d5abd065e4eb02f799b3bfdfbcc
    Size: 3.09 MB
  4. php-common-8.0.30-5.el9_7.x86_64.rpm
    MD5: 0c9f340117db89822ea1849d73e44b5a
    SHA-256: 642bacda1c76e9d89fd1eb405ce0231b1424c389bf410cb4e8e2fb956b7508a8
    Size: 678.52 kB
  5. php-dba-8.0.30-5.el9_7.x86_64.rpm
    MD5: a46e9401d97ca2f204daa0be0c0a17c5
    SHA-256: 0e32b3a3ddab175c795b160c27ce4145399a9225009af63f97830d211ecd3b6f
    Size: 32.77 kB
  6. php-dbg-8.0.30-5.el9_7.x86_64.rpm
    MD5: 1a4fe44fb1a156c20ea85189fa43f8b9
    SHA-256: 7519354e09bc0c4078da6c87466b5d1e70458fc1f18499f4e68f052619ca10dc
    Size: 1.63 MB
  7. php-devel-8.0.30-5.el9_7.x86_64.rpm
    MD5: d387f8a49dea047a1d1bd3b5437d8fa4
    SHA-256: 51d708ba1146eb45b06e9c21a4781d44c7ad45d9a215ae65e008302fc8e77d28
    Size: 725.33 kB
  8. php-embedded-8.0.30-5.el9_7.x86_64.rpm
    MD5: 2dc9950fa0e8a83abaf3386d09b02a06
    SHA-256: 3a10e79be03a72a4c1c85ae332ae981dbd40232798d4f24b3f64c9ac76902b5f
    Size: 1.52 MB
  9. php-enchant-8.0.30-5.el9_7.x86_64.rpm
    MD5: 7ef1fbfaa596590e86b4257e8aa042f9
    SHA-256: c5692d2352188323aa5b52b3adc79e48619837b33bf03e7ff5f00e10efb15d22
    Size: 18.37 kB
  10. php-ffi-8.0.30-5.el9_7.x86_64.rpm
    MD5: 7d25d7205f4e9fd3f1cf391cc41a8ed4
    SHA-256: 496fd550d8397ce235ab8911fd422a0ad0b323081ee5bdd6b98dc85be7850e90
    Size: 73.30 kB
  11. php-fpm-8.0.30-5.el9_7.x86_64.rpm
    MD5: 477dd2ce444819be86294b007ef6c93f
    SHA-256: ae2b792dd9a60cf05352112728ecdc5e14d39e0e8fb6905db83c512c66c00a0b
    Size: 1.59 MB
  12. php-gd-8.0.30-5.el9_7.x86_64.rpm
    MD5: d05c0dc636e56af0c979539ceaadf3dc
    SHA-256: ab79b7767dcf82f84301098fc90ddee6f286408995fba5cf328dba5152e46600
    Size: 39.88 kB
  13. php-gmp-8.0.30-5.el9_7.x86_64.rpm
    MD5: b35d185f55c08c83711dc913576ff835
    SHA-256: cade550f519fc452eaff638c2b817a5b15b90de1fcdaef57c00a4956bca59c33
    Size: 30.22 kB
  14. php-intl-8.0.30-5.el9_7.x86_64.rpm
    MD5: e22ae300e04f3a6a63688252f1c41353
    SHA-256: 0935f641b025ce210e4b7c842d2cfe46a5e0b2a509912747df93a68f8964195b
    Size: 148.98 kB
  15. php-ldap-8.0.30-5.el9_7.x86_64.rpm
    MD5: a83caa4c679d976950440840c7f753b8
    SHA-256: 275c2f61bd7a2c19b0d3c63dec858ae8ecd8dfed048785b553abcd4c7229bb26
    Size: 40.10 kB
  16. php-mbstring-8.0.30-5.el9_7.x86_64.rpm
    MD5: 80bab7d18e55fb56f28139280cc7e8e5
    SHA-256: 4405945072f28a2936074139064557442c0364791dc643f40d6ed53898437e46
    Size: 468.23 kB
  17. php-mysqlnd-8.0.30-5.el9_7.x86_64.rpm
    MD5: eb061e75da665bb26acc43734d6a326a
    SHA-256: a26dade5a66ea3fe7a662c990c899bf79e43a956f2283f26f68f5fbc3538f4c6
    Size: 150.29 kB
  18. php-odbc-8.0.30-5.el9_7.x86_64.rpm
    MD5: 1fbbce625df43b36f5b339723e233e95
    SHA-256: 5caf4671fd11b1ef6d9f49c1a31c9081deda3f74ae03770c1ac8701bf8eb65d0
    Size: 43.70 kB
  19. php-opcache-8.0.30-5.el9_7.x86_64.rpm
    MD5: 1b642639956cac4d1057121704d1f373
    SHA-256: 80959dd9f9f805099138e494003511e8d62a20b06565e35757be240ab5c297b9
    Size: 509.96 kB
  20. php-pdo-8.0.30-5.el9_7.x86_64.rpm
    MD5: cdc51394c3fc5ad0e34363c12c364881
    SHA-256: f0d1db197e2074371433c3da82f89234417200af8e8fbcbc5cb7b48a29108f79
    Size: 81.57 kB
  21. php-pgsql-8.0.30-5.el9_7.x86_64.rpm
    MD5: 27f69544e33611e9b709afe88b3f504a
    SHA-256: ee879da2cc161bc8d96f7a12ded943af9d412f15e203ddd90d128b2ca74a9e41
    Size: 72.01 kB
  22. php-process-8.0.30-5.el9_7.x86_64.rpm
    MD5: 70a6446a865060511a6896c776c19227
    SHA-256: bde68020f34d34f2b4611167a7daedcebb7ffe260c47c0b04a3137d4025846cb
    Size: 40.65 kB
  23. php-snmp-8.0.30-5.el9_7.x86_64.rpm
    MD5: 130e2ecf6bd595b4736576d27513eb37
    SHA-256: 4449d8ba1e97236489b1a3e5ca8cf4aaa20ff4b77de5dab663399b3a65d761ec
    Size: 29.80 kB
  24. php-soap-8.0.30-5.el9_7.x86_64.rpm
    MD5: 9e7a911fdeab21ab2ee491fc73f773c0
    SHA-256: 97a96264a68d2344aa9c259bfc9f6266807ec4794eb402208a1a9c33221b3b00
    Size: 133.59 kB
  25. php-xml-8.0.30-5.el9_7.x86_64.rpm
    MD5: 0e80fe7cc15b71b402ee3e2656f96f4c
    SHA-256: 09e86e0d0315630701eca13057e4bb40561629b946a5b90f0677c4d0e9b0cbd4
    Size: 132.52 kB