RLSA-2025:23309

Details

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

php: pgsql extension does not check for errors during escaping (CVE-2025-1735)
php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix (CVE-2025-6491)
php: PHP Hostname Null Character Vulnerability (CVE-2025-1220)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Packages

Rocky Linux:9php

Fixed in:

0:8.3.26-1.module+el9.7.0+40049+21bbec6b

Rocky Linux:9php-pecl-apcu

Fixed in:

0:5.1.23-1.module+el9.7.0+40004+bf50a568

Rocky Linux:9php-pecl-apcu

Fixed in:

0:5.1.23-1.module+el9.7.0+40005+715283ec

Rocky Linux:9php-pecl-redis6

Fixed in:

0:6.1.0-2.module+el9.7.0+40005+715283ec

Rocky Linux:9php-pecl-rrd

Fixed in:

0:2.0.3-4.module+el9.7.0+40003+454ed3c4

Rocky Linux:9php-pecl-rrd

Fixed in:

0:2.0.3-4.module+el9.7.0+40004+bf50a568

Rocky Linux:9php-pecl-rrd

Fixed in:

0:2.0.3-4.module+el9.7.0+40005+715283ec

Rocky Linux:9php-pecl-xdebug3

Fixed in:

0:3.3.1-1.module+el9.7.0+40005+715283ec

Rocky Linux:9php-pecl-zip

Fixed in:

0:1.22.3-1.module+el9.7.0+40004+bf50a568

Rocky Linux:9php-pecl-zip

Fixed in:

0:1.22.3-1.module+el9.7.0+40005+715283ec

References

REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2378689 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2378690 REPORThttps://bugzilla.redhat.com/show_bug.cgi?id=2379792 ADVISORYhttps://errata.rockylinux.org/RLSA-2025:23309

RLSA-2025:23309

Details

Affected Packages

References

CVSS Analysis

Upstream

Ecosystems

Credits

Timeline