drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in php
| Name: |
Mehrere Probleme in php |
|
| ID: |
RHSA-2025:4263 |
|
| Distribution: |
Red Hat |
|
| Plattformen: |
Red Hat Enterprise Linux AppStream (v. 9) |
|
| Datum: |
Di, 29. April 2025, 06:23 |
|
| Referenzen: |
https://bugzilla.redhat.com/show_bug.cgi?id=2356042
https://access.redhat.com/security/cve/CVE-2025-1734
https://access.redhat.com/security/cve/CVE-2025-1217
https://bugzilla.redhat.com/show_bug.cgi?id=2327960
https://access.redhat.com/security/cve/CVE-2024-11234
https://access.redhat.com/security/cve/CVE-2024-11233
https://bugzilla.redhat.com/show_bug.cgi?id=2356046
https://bugzilla.redhat.com/show_bug.cgi?id=2328523
https://access.redhat.com/security/cve/CVE-2025-1736
https://access.redhat.com/security/cve/CVE-2024-8929
https://bugzilla.redhat.com/show_bug.cgi?id=2356041
https://access.redhat.com/security/cve/CVE-2025-1219
https://bugzilla.redhat.com/show_bug.cgi?id=2356043
https://bugzilla.redhat.com/show_bug.cgi?id=2328521
https://access.redhat.com/security/cve/CVE-2025-1861
https://bugzilla.redhat.com/show_bug.cgi?id=2355917
https://access.redhat.com/errata/RHSA-2025:4263 |
|
| Applikationen: |
PHP |
|
Originalnachricht |
An update for the php:8.1 module is now available for Red Hat Enterprise Linux
9.
Red Hat Product Security has rated this update as having a security impact of
Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP
Server.
Security Fix(es):
* php: Leak partial content of the heap through heap buffer over-read in
mysqlnd (CVE-2024-8929)
* php: Single byte overread with convert.quoted-printable-decode filter
(CVE-2024-11233)
* php: Configuring a proxy in a stream context might allow for CRLF injection
in URIs (CVE-2024-11234)
* php: Header parser of http stream wrapper does not handle folded headers
(CVE-2025-1217)
* php: Stream HTTP wrapper header check might omit basic auth header
(CVE-2025-1736)
* php: Streams HTTP wrapper does not fail for headers with invalid name and no
colon (CVE-2025-1734)
* php: libxml streams use wrong content-type header when requesting a
redirected resource (CVE-2025-1219)
* php: Stream HTTP wrapper truncates redirect location to 1024 bytes
(CVE-2025-1861)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
CVE-2024-8929: Exposure of Sensitive Information to an Unauthorized Actor
(CWE-200)
CVE-2024-11233: Heap-based Buffer Overflow (CWE-122)
CVE-2024-11234: Improper Input Validation (CWE-20)
CVE-2025-1217: Improper Input Validation (CWE-20)
CVE-2025-1219: Improper Input Validation (CWE-20)
CVE-2025-1734: Improper Input Validation (CWE-20)
CVE-2025-1736: Improper Input Validation (CWE-20)
CVE-2025-1861: Incorrect Calculation of Buffer Size (CWE-131)
|
|
|
|
