AlmaLinux 9 : php:8.3 (ALSA-2025:7418)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:7418 advisory. php: Header parser of http stream wrapper does not handle folded headers CVE-2025-1217 php: Stream HTTP wrapper header check might omit basic auth header...

MGASA-2025-0100 Updated php packages fix security vulnerabilities

Bugs and security with streams have been fixed...

MGASA-2024-0132 Updated php packages fix security vulnerabilities

Core: - Corrupted memory in destructor with weak references - GC does not scale well with a lot of objects created in destructor DOM: - Add some missing ZPP checks. - Fix potential memory leak in XPath evaluation results. FPM: - Fix incorrect check in fpmshmfree. Gettext: - Fixed sigabrt raised...

MGASA-2023-0065 Updated php packages fix security vulnerability

The passwordverify function may accept some invalid Blowfish hashes as valid. If such invalid hash ever ends up in the password database, it may lead to an application allowing any password for this entry as valid. CVE-2023-0567 The core path resolution function allocates a buffer one byte too...

MGASA-2021-0330 Updated php packages fix security vulnerabilities

Updated php packages provides upstream 8.0.8 and fixes the following security vulnerabilities: - PDOFirebird: Fix Stack buffer overflow in firebirdinfocb CVE-2021-21704. Fix SIGSEGV in firebirdhandledoer CVE-2021-21704. Fix SIGSEGV in firebirdstmtexecute CVE-2021-21704. Fix Crash while parsing bl...

MGASA-2021-0025 Updated php packages fix security vulnerability

FILTERVALIDATEURL accepts URLs with invalid userinfo CVE-2020-7071. streamgetcontents fails with maxlength=-1 or default. See upstream releasenotes for other changes...

MGASA-2020-0066 Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: Two buffer overflows in string and mbstring handling have been found CVE-2020-7059, CVE-2020-7060. Other security fixes have been applied: - Session: Fixed bug 79091 heap use-after-free in sessioncreateid. - Date: Fixed bug 79015 undefined-behavi...

MGASA-2018-0484 Updated php packages fix security vulnerability

Bypassing disabled exec functions in PHP via imapopen CVE-2018-19518...

MGASA-2018-0222 Updated php packages fix security vulnerabilities

Heap Buffer Overflow READ: 1786 in exifiifaddvalue CVE-2018-10549 - Stream filter convert.iconv leads to infinite loop on invalid sequence CVE-2018-10546 - Malicious LDAP-Server Response causes Crash. CVE-2018-10548 - incomplete PHAR Fix CVE-2018-10547...

MGASA-2016-0319 Updated php packages fix security vulnerabilities

Memory Corruption in During Deserialized-object Destruction CVE-2016-7411. Heap overflow in mysqlnd related to BIT fields CVE-2016-7412. wddxdeserialize use-after-free CVE-2016-7413. Out of bound when verify signature of zip phar in pharparsezipfile CVE-2016-7414. Missing locale length check in...

MGASA-2015-0357 Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities: The php package has been updated to version 5.6.13, which fixes several security issues and other bugs. See the upstream ChangeLog for more details...