[security - medium] php:8.2 security update
Errata ID: AXSA:2025-10854:01
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP
Server.
Security Fix(es):
- php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)
- php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233)
- php: Configuring a proxy in a stream context might allow for CRLF injection in URIs (CVE-2024-11234)
- php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)
- php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)
- php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)
- php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)
- php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.
CVE(s):
CVE-2024-8929
CVE-2024-11233
CVE-2024-11234
CVE-2025-1217
CVE-2025-1219
CVE-2025-1734
CVE-2025-1736
CVE-2025-1861
Modularity name: "php"
Stream name: "8.2"
Update packages.
CVE-2024-11233: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in the convert.quoted-printable-decode filter, certain data can lead to a buffer overread by one byte, which can in certain circumstances lead to crashes or disclose the content of other memory areas.
CVE-2024-11234: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with a configured proxy and the "request_fulluri" option, the URI is not properly sanitized, which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user.
CVE-2024-8929: In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possibly other data belonging to different users of the same server.
CVE-2025-1217: In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when the HTTP request module parses an HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc.
CVE-2025-1219: In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting an HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations.
CVE-2025-1734: In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from an HTTP server, headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers.
CVE-2025-1736: In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers being misinterpreted.
CVE-2025-1861: In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing an HTTP redirect in the response to an HTTP request, there is currently a limit on the location value size, caused by the size of the location buffer being limited to 1024. However, as per RFC 9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location.
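An added example, not part of the advisory and not PHP's own code: a strict Python parser for an HTTP response header block, showing the two malformed inputs that the folded-header and missing-colon descriptions above are about. It follows RFC 9112 (a client joins a folded line to the previous value with a space; a line without a colon is invalid). The function names and sample responses are constructed for illustration.

```python
import re

# RFC 9110 "token" characters allowed in a field name.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")


class HeaderError(ValueError):
    """Raised when a header block cannot be parsed unambiguously."""


def parse_response_headers(raw: bytes) -> list[tuple[str, str]]:
    """Parse the header block that follows the status line.

    Folded continuation lines (obs-fold) are joined to the previous field
    with a single space; a line with no colon or an invalid name is an error.
    """
    fields: list[tuple[str, str]] = []
    for line in raw.decode("latin-1").split("\r\n"):
        if line == "":
            break  # blank line ends the header block
        if line[0] in " \t":
            # Continuation of the previous field value.
            if not fields:
                raise HeaderError("continuation line before any header")
            name, value = fields[-1]
            fields[-1] = (name, (value + " " + line.strip(" \t")).strip())
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise HeaderError(f"header line without colon: {line!r}")
        if not _TOKEN.fullmatch(name):
            raise HeaderError(f"invalid header name: {name!r}")
        fields.append((name.lower(), value.strip(" \t")))
    return fields


# Constructed sample header blocks (status line already removed).
FOLDED = (b"Content-Type: text/html;\r\n"
          b"  charset=utf-8\r\n"
          b"Content-Length: 12\r\n\r\n")
NO_COLON = b"Content-Type: text/plain\r\nX-Broken-Header\r\n\r\n"


def is_rejected(raw: bytes) -> bool:
    """True when the strict parser refuses the header block."""
    try:
        parse_response_headers(raw)
    except HeaderError:
        return True
    return False
```

With the folded sample, the charset parameter stays attached to Content-Type instead of being read as a separate or dropped line, which is the misinterpretation of MIME types the description warns about.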
SRPMS
- libzip-1.7.3-1.module+el8+1906+6fba308b.src.rpm (746.87 kB)
- php-pear-1.10.14-1.module+el8+1906+6fba308b.src.rpm (380.78 kB)
- php-pecl-apcu-5.1.23-1.module+el8+1906+6fba308b.src.rpm (105.42 kB)
- php-pecl-rrd-2.0.3-1.module+el8+1906+6fba308b.src.rpm (33.67 kB)
- php-pecl-xdebug3-3.2.2-2.module+el8+1906+6fba308b.src.rpm (465.77 kB)
- php-pecl-zip-1.22.3-1.module+el8+1906+6fba308b.src.rpm (368.63 kB)
- php-8.2.28-1.module+el8+1906+6fba308b.src.rpm (11.75 MB)
Asianux Server 8 for x86_64
- apcu-panel-5.1.23-1.module+el8+1906+6fba308b.noarch.rpm (22.84 kB)
- libzip-1.7.3-1.module+el8+1906+6fba308b.x86_64.rpm (66.00 kB)
- libzip-debugsource-1.7.3-1.module+el8+1906+6fba308b.x86_64.rpm (104.79 kB)
- libzip-devel-1.7.3-1.module+el8+1906+6fba308b.x86_64.rpm (188.60 kB)
- libzip-tools-1.7.3-1.module+el8+1906+6fba308b.x86_64.rpm (43.14 kB)
- php-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (1.80 MB)
- php-bcmath-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (80.11 kB)
- php-cli-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (3.64 MB)
- php-common-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (748.32 kB)
- php-dba-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (80.58 kB)
- php-dbg-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (1.89 MB)
- php-debugsource-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (4.58 MB)
- php-devel-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (826.58 kB)
- php-embedded-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (1.79 MB)
- php-enchant-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (64.54 kB)
- php-ffi-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (121.50 kB)
- php-fpm-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (1.89 MB)
- php-gd-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (85.93 kB)
- php-gmp-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (79.03 kB)
- php-intl-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (205.77 kB)
- php-ldap-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (87.49 kB)
- php-mbstring-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (528.08 kB)
- php-mysqlnd-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (188.44 kB)
- php-odbc-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (91.81 kB)
- php-opcache-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (415.20 kB)
- php-pdo-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (133.18 kB)
- php-pear-1.10.14-1.module+el8+1906+6fba308b.noarch.rpm (360.81 kB)
- php-pecl-apcu-5.1.23-1.module+el8+1906+6fba308b.x86_64.rpm (62.50 kB)
- php-pecl-apcu-debugsource-5.1.23-1.module+el8+1906+6fba308b.x86_64.rpm (51.52 kB)
- php-pecl-apcu-devel-5.1.23-1.module+el8+1906+6fba308b.x86_64.rpm (45.82 kB)
- php-pecl-rrd-2.0.3-1.module+el8+1906+6fba308b.x86_64.rpm (30.75 kB)
- php-pecl-rrd-debugsource-2.0.3-1.module+el8+1906+6fba308b.x86_64.rpm (22.49 kB)
- php-pecl-xdebug3-3.2.2-2.module+el8+1906+6fba308b.x86_64.rpm (211.61 kB)
- php-pecl-xdebug3-debugsource-3.2.2-2.module+el8+1906+6fba308b.x86_64.rpm (159.67 kB)
- php-pecl-zip-1.22.3-1.module+el8+1906+6fba308b.x86_64.rpm (59.57 kB)
- php-pecl-zip-debugsource-1.22.3-1.module+el8+1906+6fba308b.x86_64.rpm (36.09 kB)
- php-pgsql-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (121.04 kB)
- php-process-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (86.84 kB)
- php-snmp-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (78.08 kB)
- php-soap-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (184.59 kB)
- php-xml-8.2.28-1.module+el8+1906+6fba308b.x86_64.rpm (189.13 kB)