Issued at: 2025-07-29
Updated at: 2025-07-29
Synopsis
Important: php:8.3 security update
Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
* php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)
* php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)
* php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)
* php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)
* php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)
* php: Reference counting in php_request_shutdown causes Use-After-Free (CVE-2024-11235)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.