Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-1025


Security update for php7


Type: security
Severity: important
Issued: 2025-03-26
Description:
This update for php7 fixes the following issues:

- CVE-2024-11235: Fixed reference counting in php_request_shutdown causing Use-After-Free (bsc#1239666)
- CVE-2025-1217: Fixed header parser of http stream wrapper not handling folded headers (bsc#1239664)
- CVE-2025-1219: Fixed libxml streams using wrong content-type header when requesting a redirected resource (bsc#1239667)
- CVE-2025-1734: Fixed streams HTTP wrapper not failing for headers with invalid name and no colon (bsc#1239668)
- CVE-2025-1736: Fixed stream HTTP wrapper header check might omitting basic auth header (bsc#1239670)
- CVE-2025-1861: Fixed stream HTTP wrapper truncate redirect location to 1024 bytes (bsc#1239669)


              

Packages


  • php7-embed-7.4.33-150400.4.48.1