AlmaLinux 9 has issued a moderate security update for PHP 8.1, designated as ALSA-2025:4263, effective from April 29, 2025. This update addresses several security vulnerabilities that could potentially impact users and applications using PHP, a popular scripting language often employed alongside the Apache HTTP Server.
The security flaws corrected in this update include:
- CVE-2024-8929: A vulnerability that could lead to the leaking of partial heap content via a buffer over-read in the mysqlnd extension.
- CVE-2024-11233: An issue involving a single byte overread when utilizing the convert.quoted-printable-decode filter.
- CVE-2024-11234: A potential CRLF injection vulnerability when configuring a proxy in a stream context.
- CVE-2025-1217: A problem with the HTTP stream wrapper's header parser that fails to properly handle folded headers.
- CVE-2025-1736: An omission of the basic authentication header in the stream HTTP wrapper header check.
- CVE-2025-1734: A failure in the streams HTTP wrapper to reject headers with invalid names or missing colons.
- CVE-2025-1219: An incorrect content-type header used by libxml streams when requesting redirected resources.
- CVE-2025-1861: A truncation issue where the redirect location in the stream HTTP wrapper is limited to 1024 bytes.
For comprehensive information regarding the security issues, including their potential impact and CVSS scores, users are encouraged to visit the provided CVE pages linked in the update announcement.
For those interested in further details, updates, and related resources, they can access the complete information on AlmaLinux’s errata page. Should users have questions or need assistance, they can utilize the AlmaLinux community chat.
This notification is automatically generated, so responses are not monitored. Users can manage their notification preferences through the AlmaLinux mailing lists portal.
Extension:
In light of the evolving cybersecurity landscape, it is crucial for users and administrators of AlmaLinux and PHP to remain vigilant about regularly applying security updates. This update not only addresses critical vulnerabilities but also emphasizes the need for ongoing education regarding secure coding practices and server configurations. Furthermore, as PHP continues to be integral to web development, users should consider implementing additional security measures such as web application firewalls (WAFs), regular security audits, and active monitoring of server logs to detect any suspicious activity. Staying informed through community channels and engaging with security-focused updates will also enhance the overall security posture of applications running on AlmaLinux 9
The security flaws corrected in this update include:
- CVE-2024-8929: A vulnerability that could lead to the leaking of partial heap content via a buffer over-read in the mysqlnd extension.
- CVE-2024-11233: An issue involving a single byte overread when utilizing the convert.quoted-printable-decode filter.
- CVE-2024-11234: A potential CRLF injection vulnerability when configuring a proxy in a stream context.
- CVE-2025-1217: A problem with the HTTP stream wrapper's header parser that fails to properly handle folded headers.
- CVE-2025-1736: An omission of the basic authentication header in the stream HTTP wrapper header check.
- CVE-2025-1734: A failure in the streams HTTP wrapper to reject headers with invalid names or missing colons.
- CVE-2025-1219: An incorrect content-type header used by libxml streams when requesting redirected resources.
- CVE-2025-1861: A truncation issue where the redirect location in the stream HTTP wrapper is limited to 1024 bytes.
For comprehensive information regarding the security issues, including their potential impact and CVSS scores, users are encouraged to visit the provided CVE pages linked in the update announcement.
For those interested in further details, updates, and related resources, they can access the complete information on AlmaLinux’s errata page. Should users have questions or need assistance, they can utilize the AlmaLinux community chat.
This notification is automatically generated, so responses are not monitored. Users can manage their notification preferences through the AlmaLinux mailing lists portal.
Extension:
In light of the evolving cybersecurity landscape, it is crucial for users and administrators of AlmaLinux and PHP to remain vigilant about regularly applying security updates. This update not only addresses critical vulnerabilities but also emphasizes the need for ongoing education regarding secure coding practices and server configurations. Furthermore, as PHP continues to be integral to web development, users should consider implementing additional security measures such as web application firewalls (WAFs), regular security audits, and active monitoring of server logs to detect any suspicious activity. Staying informed through community channels and engaging with security-focused updates will also enhance the overall security posture of applications running on AlmaLinux 9
PHP 8.1 security update for AlmaLinux 9
AlmaLinux 9 has received a moderate security update for PHP 8.1:
ALSA-2025:4263: php:8.1 security update (Moderate)
