CLSA-2026-1779212665 php: Fix of 14 CVEs

CVE-2018-5711: fix infinite loop in gdImageCreateFromGifCtx - CVE-2018-5712: remove file name from phar stub error output XSS - CVE-2018-10545: do not set PRSETDUMPABLE in php-fpm workers by default - CVE-2018-10546: fail iconvmimedecode on invalid multibyte sequences - CVE-2018-10547: escape...

MiracleLinux 8 : php:7.3 (AXSA:2020-779:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-779:01 advisory. php: Out-of-bounds read due to integer overflow in iconvmimedecodeheaders CVE-2019-11039 php: Buffer over-read in exifreaddata CVE-2019-11040 php:...

CVE-2025-65843

Aquarius Desktop 3.0.069 for macOS contains an insecure file handling vulnerability in its support data archive generation feature. The application follows symbolic links placed inside the /Library/Logs/Aquarius directory and treats them as regular files. When building the support ZIP, Aquarius...

AZL-48312 CVE-2024-43806 affecting package virtiofsd for versions less than 1.8.0-3

Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and...

AZL-48330 CVE-2024-43806 affecting package kata-containers-cc for versions less than 3.2.0.azl4-1

Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and...

UBUNTU-CVE-2024-43806

Rustix is a set of safe Rust bindings to POSIX-ish APIs. When using rustix::fs::Dir using the linuxraw backend, it's possible for the iterator to "get stuck" when an IO error is encountered. Combined with a memory over-allocation issue in rustix::fs::Dir::readmore, this can cause quick and...

SUSE CVE-2019-11045

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...

php: DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte

In PHP versions 7.2.x below 7.2.26, 7.3.x below 7.3.13 and 7.4.0, PHP DirectoryIterator class accepts filenames with embedded \0 byte and treats them as terminating at that byte. This could lead to security vulnerabilities, e.g. in applications checking paths that the code is allowed to access...