[Apollo] Advisories Statistics light light Login

RLSA-2026:2470

Security Mirrored from RHSA-2026:2470
Issued at: 2026-02-11
Updated at: 2026-02-11

Synopsis

Moderate: php:7.4 security update



Description

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):

* php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)

* php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233)

* php: Configuring a proxy in a stream context might allow for CRLF injection in URIs (CVE-2024-11234)

* php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)

* php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)

* php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)

* php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)

* php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)

* php: pgsql extension does not check for errors during escaping (CVE-2025-1735)

* php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix (CVE-2025-6491)

* php: PHP Hostname Null Character Vulnerability (CVE-2025-1220)

* php: heap-based buffer overflow in array_merge() (CVE-2025-14178)

* php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images (CVE-2025-14177)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.



Affected products

Rocky Linux 8 aarch64 Rocky Linux 8 x86_64

Fixes

2327960 2328521 2328523 2355917 2356041 2356042 2356043 2356046 2378689 2378690 2379792 2425625 2425626

CVEs

CVE-2024-11233 CVE-2024-11234 CVE-2024-8929 CVE-2025-1217 CVE-2025-1219 CVE-2025-1220 CVE-2025-14177 CVE-2025-14178 CVE-2025-1734 CVE-2025-1735 CVE-2025-1736 CVE-2025-1861 CVE-2025-6491

Affected packages

Rocky Linux 8 x86_64 - AppStream

apcu-panel-0:5.1.18-1.module+el8.10.0+1912+72767185.noarch.rpm libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.src.rpm libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm libzip-debugsource-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm libzip-devel-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm libzip-tools-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.noarch.rpm php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.noarch.rpm php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.src.rpm php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.src.rpm php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.src.rpm php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.src.rpm php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.src.rpm php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.x86_64.rpm php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.src.rpm php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.src.rpm php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1912+72767185.x86_64.rpm

Rocky Linux 8 aarch64 - AppStream

apcu-panel-0:5.1.18-1.module+el8.10.0+1912+72767185.noarch.rpm libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm libzip-0:1.6.1-1.module+el8.10.0+1912+72767185.src.rpm libzip-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm libzip-debugsource-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm libzip-devel-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm libzip-tools-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm libzip-tools-debuginfo-0:1.6.1-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.noarch.rpm php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.noarch.rpm php-pear-1:1.10.13-1.module+el8.10.0+1605+02e07af7.src.rpm php-pear-1:1.10.13-1.module+el8.10.0+1912+72767185.src.rpm php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pecl-apcu-0:5.1.18-1.module+el8.10.0+1912+72767185.src.rpm php-pecl-apcu-debuginfo-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pecl-apcu-debugsource-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pecl-apcu-devel-0:5.1.18-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm php-pecl-rrd-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.src.rpm php-pecl-rrd-0:2.0.1-1.module+el8.10.0+1912+72767185.src.rpm php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm php-pecl-rrd-debuginfo-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.4.0+414+2e7afcdd.aarch64.rpm php-pecl-rrd-debugsource-0:2.0.1-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pecl-xdebug-0:2.9.5-1.module+el8.10.0+1912+72767185.src.rpm php-pecl-xdebug-debuginfo-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pecl-xdebug-debugsource-0:2.9.5-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pecl-zip-0:1.18.2-1.module+el8.10.0+1912+72767185.src.rpm php-pecl-zip-debuginfo-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm php-pecl-zip-debugsource-0:1.18.2-1.module+el8.10.0+1912+72767185.aarch64.rpm