Advisories » MGASA-2025-0330

Updated php packages fix security vulnerabilities

Publication date: 21 Dec 2025
Modification date: 21 Dec 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-14180 , CVE-2025-14178 , CVE-2025-14177

Description

Opcache:
- Reset global pointers to prevent use-after-free in zend_jit_status.
PDO:
- Fixed PDO quoting result null deref.
Standard:
- Fixed Null byte termination in dns_get_record
- Heap buffer overflow in array_merge
- Information Leak of Memory in getimagesize
                

References

• https://bugs.mageia.org/show_bug.cgi?id=34873
• https://www.php.net/ChangeLog-8.php#8.2.30
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14180
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14178
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14177

SRPMS

9/core

• php-8.2.30-1.mga9