- Issued: 2025-05-13
- Updated: 2025-05-13
RHSA-2025:7315 - Moderate: php security update
Synopsis
Moderate: php security update
Type/Severity
Security Advisory: Moderate
Topic
An update for php is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.
Security Fix(es):
- php: host/secure cookie bypass due to partial CVE-2022-31629 fix (CVE-2024-2756)
- php: password_verify can erroneously return true, opening ATO risk (CVE-2024-3096)
- php: Filter bypass in filter_var (FILTER_VALIDATE_URL) (CVE-2024-5458)
- php: Erroneous parsing of multipart form data (CVE-2024-8925)
- php: cgi.force_redirect configuration is bypassable due to the environment variable collision (CVE-2024-8927)
- php: PHP-FPM Log Manipulation Vulnerability (CVE-2024-9026)
- php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)
- php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233)
- php: Configuring a proxy in a stream context might allow for CRLF injection in URIs (CVE-2024-11234)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
| Product | Version | Arch |
|---|---|---|
| Red Hat Enterprise Linux for x86_64 | 9 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions | 9.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Update Support | 9.6 | x86_64 |
| Red Hat Enterprise Linux for x86_64 - Extended Life Cycle | 9.6 | x86_64 |
| Red Hat Enterprise Linux for Power, little endian | 9 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Update Support | 9.6 | ppc64le |
| Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle | 9.6 | ppc64le |
| Red Hat Enterprise Linux for IBM z Systems | 9 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Update Support | 9.6 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle | 9.6 | s390x |
| Red Hat Enterprise Linux for IBM z Systems - 4 years of updates | 9.6 | s390x |
| Red Hat Enterprise Linux for ARM 64 | 9 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Update Support | 9.6 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle | 9.6 | aarch64 |
| Red Hat Enterprise Linux for ARM 64 - 4 years of updates | 9.6 | aarch64 |
| Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions | 9.6 | ppc64le |
| Red Hat Enterprise Linux Server - AUS | 9.6 | x86_64 |
Updated Packages
- php-ffi-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-fpm-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-enchant-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-embedded-8.0.30-2.el9.x86_64.rpm
- php-cli-debuginfo-8.0.30-2.el9.s390x.rpm
- php-dba-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-embedded-8.0.30-2.el9.aarch64.rpm
- php-cli-8.0.30-2.el9.x86_64.rpm
- php-common-8.0.30-2.el9.ppc64le.rpm
- php-dbg-8.0.30-2.el9.aarch64.rpm
- php-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-8.0.30-2.el9.x86_64.rpm
- php-bcmath-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-cli-8.0.30-2.el9.ppc64le.rpm
- php-enchant-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-ldap-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-enchant-8.0.30-2.el9.aarch64.rpm
- php-intl-debuginfo-8.0.30-2.el9.s390x.rpm
- php-bcmath-8.0.30-2.el9.s390x.rpm
- php-cli-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-odbc-8.0.30-2.el9.s390x.rpm
- php-odbc-debuginfo-8.0.30-2.el9.s390x.rpm
- php-intl-8.0.30-2.el9.x86_64.rpm
- php-pdo-debuginfo-8.0.30-2.el9.s390x.rpm
- php-fpm-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-pgsql-8.0.30-2.el9.x86_64.rpm
- php-pgsql-debuginfo-8.0.30-2.el9.s390x.rpm
- php-soap-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-xml-8.0.30-2.el9.ppc64le.rpm
- php-xml-debuginfo-8.0.30-2.el9.s390x.rpm
- php-common-debuginfo-8.0.30-2.el9.s390x.rpm
- php-dbg-8.0.30-2.el9.s390x.rpm
- php-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-fpm-8.0.30-2.el9.s390x.rpm
- php-mysqlnd-8.0.30-2.el9.x86_64.rpm
- php-soap-8.0.30-2.el9.x86_64.rpm
- php-soap-debuginfo-8.0.30-2.el9.s390x.rpm
- php-embedded-8.0.30-2.el9.s390x.rpm
- php-ldap-8.0.30-2.el9.aarch64.rpm
- php-xml-8.0.30-2.el9.aarch64.rpm
- php-embedded-debuginfo-8.0.30-2.el9.s390x.rpm
- php-gd-8.0.30-2.el9.ppc64le.rpm
- php-ldap-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-process-8.0.30-2.el9.ppc64le.rpm
- php-process-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-soap-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-bcmath-debuginfo-8.0.30-2.el9.s390x.rpm
- php-enchant-8.0.30-2.el9.ppc64le.rpm
- php-pgsql-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-process-8.0.30-2.el9.s390x.rpm
- php-dba-debuginfo-8.0.30-2.el9.s390x.rpm
- php-soap-8.0.30-2.el9.aarch64.rpm
- php-8.0.30-2.el9.src.rpm
- php-process-8.0.30-2.el9.aarch64.rpm
- php-xml-8.0.30-2.el9.s390x.rpm
- php-odbc-8.0.30-2.el9.ppc64le.rpm
- php-ffi-8.0.30-2.el9.aarch64.rpm
- php-devel-8.0.30-2.el9.ppc64le.rpm
- php-ffi-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-xml-8.0.30-2.el9.x86_64.rpm
- php-dba-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-pdo-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-fpm-debuginfo-8.0.30-2.el9.s390x.rpm
- php-mysqlnd-8.0.30-2.el9.ppc64le.rpm
- php-snmp-8.0.30-2.el9.s390x.rpm
- php-embedded-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-mysqlnd-debuginfo-8.0.30-2.el9.s390x.rpm
- php-ffi-debuginfo-8.0.30-2.el9.s390x.rpm
- php-fpm-8.0.30-2.el9.ppc64le.rpm
- php-dbg-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-common-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-pdo-8.0.30-2.el9.x86_64.rpm
- php-common-8.0.30-2.el9.x86_64.rpm
- php-intl-8.0.30-2.el9.aarch64.rpm
- php-common-8.0.30-2.el9.s390x.rpm
- php-intl-8.0.30-2.el9.s390x.rpm
- php-8.0.30-2.el9.s390x.rpm
- php-gmp-8.0.30-2.el9.aarch64.rpm
- php-snmp-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-devel-8.0.30-2.el9.x86_64.rpm
- php-mbstring-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-mysqlnd-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-dba-8.0.30-2.el9.s390x.rpm
- php-embedded-8.0.30-2.el9.ppc64le.rpm
- php-dbg-8.0.30-2.el9.ppc64le.rpm
- php-mbstring-8.0.30-2.el9.ppc64le.rpm
- php-mysqlnd-8.0.30-2.el9.aarch64.rpm
- php-devel-8.0.30-2.el9.s390x.rpm
- php-odbc-8.0.30-2.el9.x86_64.rpm
- php-pdo-8.0.30-2.el9.aarch64.rpm
- php-bcmath-8.0.30-2.el9.aarch64.rpm
- php-dba-8.0.30-2.el9.x86_64.rpm
- php-intl-8.0.30-2.el9.ppc64le.rpm
- php-enchant-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-gmp-8.0.30-2.el9.ppc64le.rpm
- php-odbc-8.0.30-2.el9.aarch64.rpm
- php-intl-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-pgsql-8.0.30-2.el9.ppc64le.rpm
- php-pgsql-8.0.30-2.el9.s390x.rpm
- php-gd-debuginfo-8.0.30-2.el9.s390x.rpm
- php-mysqlnd-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-dbg-8.0.30-2.el9.x86_64.rpm
- php-opcache-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-odbc-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-opcache-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-gmp-debuginfo-8.0.30-2.el9.s390x.rpm
- php-ldap-debuginfo-8.0.30-2.el9.s390x.rpm
- php-mysqlnd-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-opcache-8.0.30-2.el9.aarch64.rpm
- php-gmp-8.0.30-2.el9.s390x.rpm
- php-dbg-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-process-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-dba-8.0.30-2.el9.aarch64.rpm
- php-ldap-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-8.0.30-2.el9.aarch64.rpm
- php-ffi-8.0.30-2.el9.x86_64.rpm
- php-pdo-8.0.30-2.el9.s390x.rpm
- php-pdo-8.0.30-2.el9.ppc64le.rpm
- php-snmp-debuginfo-8.0.30-2.el9.s390x.rpm
- php-debugsource-8.0.30-2.el9.x86_64.rpm
- php-intl-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-mbstring-8.0.30-2.el9.s390x.rpm
- php-process-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-common-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-soap-8.0.30-2.el9.s390x.rpm
- php-fpm-8.0.30-2.el9.aarch64.rpm
- php-fpm-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-gd-8.0.30-2.el9.x86_64.rpm
- php-intl-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-snmp-8.0.30-2.el9.ppc64le.rpm
- php-8.0.30-2.el9.ppc64le.rpm
- php-xml-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-enchant-debuginfo-8.0.30-2.el9.s390x.rpm
- php-dbg-debuginfo-8.0.30-2.el9.s390x.rpm
- php-mbstring-8.0.30-2.el9.aarch64.rpm
- php-bcmath-8.0.30-2.el9.ppc64le.rpm
- php-odbc-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-opcache-8.0.30-2.el9.x86_64.rpm
- php-dbg-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-cli-8.0.30-2.el9.aarch64.rpm
- php-gd-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-opcache-8.0.30-2.el9.ppc64le.rpm
- php-embedded-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-gmp-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-opcache-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-pgsql-8.0.30-2.el9.aarch64.rpm
- php-gd-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-dba-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-bcmath-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-ldap-8.0.30-2.el9.s390x.rpm
- php-mbstring-8.0.30-2.el9.x86_64.rpm
- php-debugsource-8.0.30-2.el9.aarch64.rpm
- php-enchant-8.0.30-2.el9.x86_64.rpm
- php-pgsql-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-debuginfo-8.0.30-2.el9.s390x.rpm
- php-odbc-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-pdo-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-mbstring-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-cli-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-process-debuginfo-8.0.30-2.el9.s390x.rpm
- php-ldap-8.0.30-2.el9.ppc64le.rpm
- php-debugsource-8.0.30-2.el9.ppc64le.rpm
- php-ffi-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-gmp-8.0.30-2.el9.x86_64.rpm
- php-bcmath-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-ffi-8.0.30-2.el9.ppc64le.rpm
- php-enchant-8.0.30-2.el9.s390x.rpm
- php-snmp-8.0.30-2.el9.aarch64.rpm
- php-devel-8.0.30-2.el9.aarch64.rpm
- php-cli-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-gmp-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-debugsource-8.0.30-2.el9.s390x.rpm
- php-embedded-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-soap-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-snmp-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-xml-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-xml-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-bcmath-8.0.30-2.el9.x86_64.rpm
- php-cli-8.0.30-2.el9.s390x.rpm
- php-gd-debuginfo-8.0.30-2.el9.ppc64le.rpm
- php-ldap-8.0.30-2.el9.x86_64.rpm
- php-mbstring-debuginfo-8.0.30-2.el9.s390x.rpm
- php-opcache-8.0.30-2.el9.s390x.rpm
- php-fpm-8.0.30-2.el9.x86_64.rpm
- php-mysqlnd-8.0.30-2.el9.s390x.rpm
- php-gmp-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-gd-8.0.30-2.el9.s390x.rpm
- php-opcache-debuginfo-8.0.30-2.el9.s390x.rpm
- php-mbstring-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-ffi-8.0.30-2.el9.s390x.rpm
- php-common-debuginfo-8.0.30-2.el9.aarch64.rpm
- php-snmp-8.0.30-2.el9.x86_64.rpm
- php-snmp-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-soap-8.0.30-2.el9.ppc64le.rpm
- php-process-8.0.30-2.el9.x86_64.rpm
- php-pgsql-debuginfo-8.0.30-2.el9.x86_64.rpm
- php-common-8.0.30-2.el9.aarch64.rpm
- php-dba-8.0.30-2.el9.ppc64le.rpm
- php-gd-8.0.30-2.el9.aarch64.rpm
- php-pdo-debuginfo-8.0.30-2.el9.ppc64le.rpm
Fixes
- BZ - 2275058
- BZ - 2275061
- BZ - 2291252
- BZ - 2317049
- BZ - 2317051
- BZ - 2317144
- BZ - 2327960
- BZ - 2328521
- BZ - 2328523
- RHEL-71275
CVEs
- CVE-2024-2756
- CVE-2024-3096
- CVE-2024-5458
- CVE-2024-8925
- CVE-2024-8927
- CVE-2024-8929
- CVE-2024-9026
- CVE-2024-11233
- CVE-2024-11234
References
- https://access.redhat.com/security/updates/classification/#moderate
- https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.6_release_notes/index
Additional information
- The Red Hat security contact is secalert@redhat.com. More contact details at Security Contacts and Procedures.
- Offline Security Data is available for integration with other systems. See Offline Security Data API to get started.