php-8.0.30-5.el9_7
エラータID: AXSA:2026-201:01
リリース日:
2026/02/19 Thursday - 15:51
題名:
php-8.0.30-5.el9_7
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- PHP の getimagesize() 関数には、メモリ領域の範囲外読み取りの
問題があるため、リモートの攻撃者により、情報の漏洩を可能とする
脆弱性が存在します。(CVE-2025-14177)
- PHP の array_merge() 関数には、メモリ領域の範囲外書き込みの
問題があるため、リモートの攻撃者により、データ破壊、およびサービス
拒否攻撃を可能とする脆弱性が存在します。(CVE-2025-14178)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-14177
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.
CVE-2025-14178
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.
追加情報:
N/A
ダウンロード:
SRPMS
- php-8.0.30-5.el9_7.src.rpm
MD5: fe7de27ef56116f9ae7eb0bbd21168eb
SHA-256: 67ddfd60cdd74494abe03059fe9ee75f582bd4e4593d448c75b73d7d61fa3862
Size: 10.58 MB
Asianux Server 9 for x86_64
- php-8.0.30-5.el9_7.x86_64.rpm
MD5: d2315a071dcb2eaee2f5e415218807f0
SHA-256: d6d52b46c414f843da04bdfffa89cdbe26209db2abe3a9738b67a8f7ce988479
Size: 8.71 kB - php-bcmath-8.0.30-5.el9_7.x86_64.rpm
MD5: 9a8835952a5f7b023782592ee519a819
SHA-256: b07eeea23f5afc5dd8dd3b0a384306cbd50055d734676a44dec9f22f16bd422a
Size: 33.83 kB - php-cli-8.0.30-5.el9_7.x86_64.rpm
MD5: e2e9b73716349502991a507f0326b3da
SHA-256: ee5c6afedc7fdf1ee25c84c0b2d8b998a8e87d5abd065e4eb02f799b3bfdfbcc
Size: 3.09 MB - php-common-8.0.30-5.el9_7.x86_64.rpm
MD5: 0c9f340117db89822ea1849d73e44b5a
SHA-256: 642bacda1c76e9d89fd1eb405ce0231b1424c389bf410cb4e8e2fb956b7508a8
Size: 678.52 kB - php-dba-8.0.30-5.el9_7.x86_64.rpm
MD5: a46e9401d97ca2f204daa0be0c0a17c5
SHA-256: 0e32b3a3ddab175c795b160c27ce4145399a9225009af63f97830d211ecd3b6f
Size: 32.77 kB - php-dbg-8.0.30-5.el9_7.x86_64.rpm
MD5: 1a4fe44fb1a156c20ea85189fa43f8b9
SHA-256: 7519354e09bc0c4078da6c87466b5d1e70458fc1f18499f4e68f052619ca10dc
Size: 1.63 MB - php-devel-8.0.30-5.el9_7.x86_64.rpm
MD5: d387f8a49dea047a1d1bd3b5437d8fa4
SHA-256: 51d708ba1146eb45b06e9c21a4781d44c7ad45d9a215ae65e008302fc8e77d28
Size: 725.33 kB - php-embedded-8.0.30-5.el9_7.x86_64.rpm
MD5: 2dc9950fa0e8a83abaf3386d09b02a06
SHA-256: 3a10e79be03a72a4c1c85ae332ae981dbd40232798d4f24b3f64c9ac76902b5f
Size: 1.52 MB - php-enchant-8.0.30-5.el9_7.x86_64.rpm
MD5: 7ef1fbfaa596590e86b4257e8aa042f9
SHA-256: c5692d2352188323aa5b52b3adc79e48619837b33bf03e7ff5f00e10efb15d22
Size: 18.37 kB - php-ffi-8.0.30-5.el9_7.x86_64.rpm
MD5: 7d25d7205f4e9fd3f1cf391cc41a8ed4
SHA-256: 496fd550d8397ce235ab8911fd422a0ad0b323081ee5bdd6b98dc85be7850e90
Size: 73.30 kB - php-fpm-8.0.30-5.el9_7.x86_64.rpm
MD5: 477dd2ce444819be86294b007ef6c93f
SHA-256: ae2b792dd9a60cf05352112728ecdc5e14d39e0e8fb6905db83c512c66c00a0b
Size: 1.59 MB - php-gd-8.0.30-5.el9_7.x86_64.rpm
MD5: d05c0dc636e56af0c979539ceaadf3dc
SHA-256: ab79b7767dcf82f84301098fc90ddee6f286408995fba5cf328dba5152e46600
Size: 39.88 kB - php-gmp-8.0.30-5.el9_7.x86_64.rpm
MD5: b35d185f55c08c83711dc913576ff835
SHA-256: cade550f519fc452eaff638c2b817a5b15b90de1fcdaef57c00a4956bca59c33
Size: 30.22 kB - php-intl-8.0.30-5.el9_7.x86_64.rpm
MD5: e22ae300e04f3a6a63688252f1c41353
SHA-256: 0935f641b025ce210e4b7c842d2cfe46a5e0b2a509912747df93a68f8964195b
Size: 148.98 kB - php-ldap-8.0.30-5.el9_7.x86_64.rpm
MD5: a83caa4c679d976950440840c7f753b8
SHA-256: 275c2f61bd7a2c19b0d3c63dec858ae8ecd8dfed048785b553abcd4c7229bb26
Size: 40.10 kB - php-mbstring-8.0.30-5.el9_7.x86_64.rpm
MD5: 80bab7d18e55fb56f28139280cc7e8e5
SHA-256: 4405945072f28a2936074139064557442c0364791dc643f40d6ed53898437e46
Size: 468.23 kB - php-mysqlnd-8.0.30-5.el9_7.x86_64.rpm
MD5: eb061e75da665bb26acc43734d6a326a
SHA-256: a26dade5a66ea3fe7a662c990c899bf79e43a956f2283f26f68f5fbc3538f4c6
Size: 150.29 kB - php-odbc-8.0.30-5.el9_7.x86_64.rpm
MD5: 1fbbce625df43b36f5b339723e233e95
SHA-256: 5caf4671fd11b1ef6d9f49c1a31c9081deda3f74ae03770c1ac8701bf8eb65d0
Size: 43.70 kB - php-opcache-8.0.30-5.el9_7.x86_64.rpm
MD5: 1b642639956cac4d1057121704d1f373
SHA-256: 80959dd9f9f805099138e494003511e8d62a20b06565e35757be240ab5c297b9
Size: 509.96 kB - php-pdo-8.0.30-5.el9_7.x86_64.rpm
MD5: cdc51394c3fc5ad0e34363c12c364881
SHA-256: f0d1db197e2074371433c3da82f89234417200af8e8fbcbc5cb7b48a29108f79
Size: 81.57 kB - php-pgsql-8.0.30-5.el9_7.x86_64.rpm
MD5: 27f69544e33611e9b709afe88b3f504a
SHA-256: ee879da2cc161bc8d96f7a12ded943af9d412f15e203ddd90d128b2ca74a9e41
Size: 72.01 kB - php-process-8.0.30-5.el9_7.x86_64.rpm
MD5: 70a6446a865060511a6896c776c19227
SHA-256: bde68020f34d34f2b4611167a7daedcebb7ffe260c47c0b04a3137d4025846cb
Size: 40.65 kB - php-snmp-8.0.30-5.el9_7.x86_64.rpm
MD5: 130e2ecf6bd595b4736576d27513eb37
SHA-256: 4449d8ba1e97236489b1a3e5ca8cf4aaa20ff4b77de5dab663399b3a65d761ec
Size: 29.80 kB - php-soap-8.0.30-5.el9_7.x86_64.rpm
MD5: 9e7a911fdeab21ab2ee491fc73f773c0
SHA-256: 97a96264a68d2344aa9c259bfc9f6266807ec4794eb402208a1a9c33221b3b00
Size: 133.59 kB - php-xml-8.0.30-5.el9_7.x86_64.rpm
MD5: 0e80fe7cc15b71b402ee3e2656f96f4c
SHA-256: 09e86e0d0315630701eca13057e4bb40561629b946a5b90f0677c4d0e9b0cbd4
Size: 132.52 kB
English