SUSE-SU-2025:0994-1 Security update for php8

This update for php8 fixes the following issues: - CVE-2024-11235: Fixed reference counting in phprequestshutdown causing Use-After-Free bsc1239666 - CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers bsc1239664 - CVE-2025-1219: Fixed libxml streams using wrong...

PHP 8.4.x < 8.4.5 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

PHP 8.1.x < 8.1.32 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

PHP 8.3.x < 8.3.19 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

PHP 8.2.x < 8.2.28 Multiple Vulnerabilities

According to its self-reported version number, the version of PHP installed on the remote host is 8.1.x prior to 8.1.32, 8.2.x prior to 8.2.28, 8.3.x prior to 8.3.19, or 8.4.x prior to 8.4.5. It is, therefore, affected by multiple vulnerabilities: - libxml streams use wrong content-type header wh...

[slackware-security] php

New php packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: extra/php81/php81-8.1.32-i586-1slack15.0.txz: Upgraded. This update fixes security issues: LibXML: libxml streams use wrong content-type header when...

PT-2025-11345

Name of the Vulnerable Software and Affected Versions: PHP versions up to 8.1.31 PHP versions up to 8.2.27 PHP versions up to 8.3.18 PHP versions up to 8.4.4 php7.4 Description: The issue concerns the Streams HTTP Wrapper in PHP. Recommendations: For PHP versions up to 8.1.31, update to a version...

AZL-39972 CVE-2023-45142 affecting package moby-engine for versions less than 24.0.9-10

OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels http.useragent and http.method that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. HTTP...

GHSA-M496-X567-F98C Fixes a bug in Zend Framework's Stream HTTP Wrapper

Impact CVE-2021-3007: Backport of ZendHttpResponseStream, added certain type checking as a way to prevent exploitation. https://vulners.com/cve/CVE-2021-3007 This vulnerability is caused by the unsecured deserialization of an object. In versions higher than Zend Framework 3.0.0, the attacker abus...

php: Stack-based buffer under-read in php_stream_url_wrap_http_ex() in http_fopen_wrapper.c when parsing HTTP response

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in copying a large string...

UBUNTU-CVE-2018-7584

In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and 7.2.x through 7.2.2, there is a stack-based buffer under-read while parsing an HTTP response in the phpstreamurlwraphttpex function in ext/standard/httpfopenwrapper.c. This subsequently results in copying a large string...