openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2025:1012-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.18.2.2025.1012.1

Categoría: openSUSE Local Security Checks

Título: openSUSE Security Advisory (SUSE-SU-2025:1012-1)

Resumen: The remote host is missing an update for the 'php8' package(s) announced via the SUSE-SU-2025:1012-1 advisory.

Descripción: Summary:
The remote host is missing an update for the 'php8' package(s) announced via the SUSE-SU-2025:1012-1 advisory.

Vulnerability Insight:
This update for php8 fixes the following issues:

- CVE-2025-1217: Fixed header parser of `http` stream wrapper not handling folded headers (bsc#1239664)
- CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666)
- CVE-2025-1219: Fixed libxml streams using wrong `content-type` header when requesting a redirected resource (bsc#1239667)
- CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with invalid name and no colon (bsc#1239668)
- CVE-2025-1861: Fixed stream HTTP wrapper truncate redirect location to 1024 bytes (bsc#1239669)
- CVE-2025-1736: Fixed stream HTTP wrapper header check might omitting basic auth header (bsc#1239670)

Version update to 8.2.28:
Core:
Fixed bug GH-17211 (observer segfault on function loaded with dl()).
LibXML:
Fixed GHSA-wg4p-4hqh-c3g9.
Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource).
Streams:
Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header).
Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes).
Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon).
Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers).

Version update version 8.2.27
Calendar:
Fixed jdtogregorian overflow.
Fixed cal_to_jd julian_days argument overflow.
COM:
Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults).
Core:
Fail early in *nix configuration build script.
Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)).
Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469).
Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs).
Fix is_zend_ptr() huge block comparison.
Fixed potential OOB read in zend_dirname() on Windows.
Curl:
Fix various memory leaks in curl mime handling.
FPM:
Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status).
GD:
Fixed GH-16776 (imagecreatefromstring overflow).
GMP:
Revert gmp_pow() overly restrictive overflow checks.
Hash:
Fixed GH-16711: Segfault in mhash().
Opcache:
Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF).
Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads).
Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64).
OpenSSL:
Prevent unexpected array entry conversion when reading key.
Fix various memory leaks related to openssl exports.
Fix memory leak in php_openssl_pkey_from_zval().
PDO:
Fixed memory leak of `setFetchMode()`.
Phar:
Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks).
PHPDBG:
Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()).
SAPI:
Fixed bug GH-16998 (UBSAN warning in rfc1867).
SimpleXML:
Fixed bug GH-16808 (Segmentation fault in ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'php8' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2024-11235
Common Vulnerability Exposure (CVE) ID: CVE-2025-1217
Common Vulnerability Exposure (CVE) ID: CVE-2025-1219
Common Vulnerability Exposure (CVE) ID: CVE-2025-1734
Common Vulnerability Exposure (CVE) ID: CVE-2025-1736
Common Vulnerability Exposure (CVE) ID: CVE-2025-1861

Copyright Copyright (C) 2025 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.18.2.2025.1012.1
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2025:1012-1)
Resumen:	The remote host is missing an update for the 'php8' package(s) announced via the SUSE-SU-2025:1012-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'php8' package(s) announced via the SUSE-SU-2025:1012-1 advisory. Vulnerability Insight: This update for php8 fixes the following issues: - CVE-2025-1217: Fixed header parser of `http` stream wrapper not handling folded headers (bsc#1239664) - CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666) - CVE-2025-1219: Fixed libxml streams using wrong `content-type` header when requesting a redirected resource (bsc#1239667) - CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with invalid name and no colon (bsc#1239668) - CVE-2025-1861: Fixed stream HTTP wrapper truncate redirect location to 1024 bytes (bsc#1239669) - CVE-2025-1736: Fixed stream HTTP wrapper header check might omitting basic auth header (bsc#1239670) Version update to 8.2.28: Core: Fixed bug GH-17211 (observer segfault on function loaded with dl()). LibXML: Fixed GHSA-wg4p-4hqh-c3g9. Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). Streams: Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). Version update version 8.2.27 Calendar: Fixed jdtogregorian overflow. Fixed cal_to_jd julian_days argument overflow. COM: Fixed bug GH-16991 (Getting typeinfo of non DISPATCH variant segfaults). Core: Fail early in *nix configuration build script. Fixed bug GH-16727 (Opcache bad signal 139 crash in ZTS bookworm (frankenphp)). Fixed bug GH-16799 (Assertion failure at Zend/zend_vm_execute.h:7469). Fixed bug GH-16630 (UAF in lexer with encoding translation and heredocs). Fix is_zend_ptr() huge block comparison. Fixed potential OOB read in zend_dirname() on Windows. Curl: Fix various memory leaks in curl mime handling. FPM: Fixed GH-16432 (PHP-FPM 8.2 SIGSEGV in fpm_get_status). GD: Fixed GH-16776 (imagecreatefromstring overflow). GMP: Revert gmp_pow() overly restrictive overflow checks. Hash: Fixed GH-16711: Segfault in mhash(). Opcache: Fixed bug GH-16770 (Tracing JIT type mismatch when returning UNDEF). Fixed bug GH-16851 (JIT_G(enabled) not set correctly on other threads). Fixed bug GH-16902 (Set of opcache tests fail zts+aarch64). OpenSSL: Prevent unexpected array entry conversion when reading key. Fix various memory leaks related to openssl exports. Fix memory leak in php_openssl_pkey_from_zval(). PDO: Fixed memory leak of `setFetchMode()`. Phar: Fixed bug GH-16695 (phar:// tar parser and zero-length file header blocks). PHPDBG: Fixed bug GH-15208 (Segfault with breakpoint map and phpdbg_clear()). SAPI: Fixed bug GH-16998 (UBSAN warning in rfc1867). SimpleXML: Fixed bug GH-16808 (Segmentation fault in ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'php8' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-11235 Common Vulnerability Exposure (CVE) ID: CVE-2025-1217 Common Vulnerability Exposure (CVE) ID: CVE-2025-1219 Common Vulnerability Exposure (CVE) ID: CVE-2025-1734 Common Vulnerability Exposure (CVE) ID: CVE-2025-1736 Common Vulnerability Exposure (CVE) ID: CVE-2025-1861
Copyright	Copyright (C) 2025 Greenbone AG