Mageia Advisory: MGASA-2025-0203 - Updated php packages fix security vulnerabilities

Updated php packages fix security vulnerabilities

Publication date: 05 Jul 2025
Modification date: 05 Jul 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-1735 , CVE-2025-6491 , CVE-2025-1220

Description

PGSQL:
Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors
during escaping). (CVE-2025-1735)
SOAP:
Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP
Extension via Large XML Namespace Prefix). (CVE-2025-6491)
Standard:
Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames).
(CVE-2025-1220)

References

https://bugs.mageia.org/show_bug.cgi?id=34418
https://www.php.net/ChangeLog-8.php#8.2.29
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1220

SRPMS

9/core

php-8.2.29-1.mga9

Advisories » MGASA-2025-0203

Updated php packages fix security vulnerabilities

Description

References

SRPMS

9/core