RLSA-2025:15687

php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)
php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233)
php: Configuring a proxy in a stream context might allow for CRLF injection in URIs (CVE-2024-11234)
php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)
php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)
php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)
php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)
php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

Credits

- Rocky Enterprise Software Foundation
- Red Hat

Affected packages

Rocky Linux:8

libzip

Package

Name: libzip
Purl: pkg:rpm/rocky-linux/libzip?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.7.3-1.module+el8.10.0+1911+f499711e

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2025:15687.json"

libzip

Package

Name: libzip
Purl: pkg:rpm/rocky-linux/libzip?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.7.3-1.module+el8.10.0+1605+02e07af7

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2025:15687.json"

php-pear

Package

Name: php-pear
Purl: pkg:rpm/rocky-linux/php-pear?distro=rocky-linux-8&epoch=1

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

1:1.10.14-1.module+el8.10.0+1911+f499711e

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2025:15687.json"

php-pecl-apcu

Package

Name: php-pecl-apcu
Purl: pkg:rpm/rocky-linux/php-pecl-apcu?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:5.1.23-1.module+el8.10.0+1911+f499711e

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2025:15687.json"

php-pecl-rrd

Package

Name: php-pecl-rrd
Purl: pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:2.0.3-1.module+el8.10.0+1911+f499711e

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2025:15687.json"

php-pecl-rrd

Package

Name: php-pecl-rrd
Purl: pkg:rpm/rocky-linux/php-pecl-rrd?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:2.0.3-1.module+el8.10.0+1605+02e07af7

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2025:15687.json"

php-pecl-xdebug3

Package

Name: php-pecl-xdebug3
Purl: pkg:rpm/rocky-linux/php-pecl-xdebug3?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:3.2.2-2.module+el8.10.0+1911+f499711e

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2025:15687.json"

php-pecl-zip

Package

Name: php-pecl-zip
Purl: pkg:rpm/rocky-linux/php-pecl-zip?distro=rocky-linux-8&epoch=0

Affected ranges

Type

ECOSYSTEM

Events

Introduced

Fixed

0:1.22.3-1.module+el8.10.0+1911+f499711e

Database specific

{
    "yum_repository": "AppStream"
}

Database specific

source

"https://storage.googleapis.com/resf-osv-data/RLSA-2025:15687.json"