Moderate: php:8.2 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2025:15687", "synopsis": "Moderate: php:8.2 security update", "severity": "SEVERITY_MODERATE", "topic": "An update is available for module.php, module.php-pear, module.php-pecl-apcu, php-pecl-rrd, module.php-pecl-xdebug3, php-pear, php-pecl-zip, module.php-pecl-zip, module.php-pecl-rrd, php-pecl-apcu, php-pecl-xdebug3, module.libzip, libzip.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.\n\nSecurity Fix(es):\n\n* php: Leak partial content of the heap through heap buffer over-read in mysqlnd (CVE-2024-8929)\n\n* php: Single byte overread with convert.quoted-printable-decode filter (CVE-2024-11233)\n\n* php: Configuring a proxy in a stream context might allow for CRLF injection in URIs (CVE-2024-11234)\n\n* php: Header parser of http stream wrapper does not handle folded headers (CVE-2025-1217)\n\n* php: Stream HTTP wrapper header check might omit basic auth header (CVE-2025-1736)\n\n* php: Streams HTTP wrapper does not fail for headers with invalid name and no colon (CVE-2025-1734)\n\n* php: libxml streams use wrong content-type header when requesting a redirected resource (CVE-2025-1219)\n\n* php: Stream HTTP wrapper truncates redirect location to 1024 bytes (CVE-2025-1861)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2327960", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2327960", "description": ""}, {"ticket": "2328521", "sourceBy": "Red Hat", "sourceLink": 
"https://bugzilla.redhat.com/show_bug.cgi?id=2328521","description": ""}, {"ticket": "2328523", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2328523", "description": ""}, {"ticket": "2355917", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2355917", "description": ""}, {"ticket": "2356041", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2356041", "description": ""}, {"ticket": "2356042", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2356042", "description": ""}, {"ticket": "2356043", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2356043", "description": ""}, {"ticket": "2356046", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2356046", "description": ""}], "cves": [{"name": "CVE-2024-11233", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-11233", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L", "cvss3BaseScore": "4.8", "cwe": "CWE-122"}, {"name": "CVE-2024-11234", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-11234", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "cvss3BaseScore": "4.8", "cwe": "CWE-20"}, {"name": "CVE-2024-8929", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2024-8929", "cvss3ScoringVector": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "cvss3BaseScore": "5.8", "cwe": "CWE-200"}, {"name": "CVE-2025-1217", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-1217", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3BaseScore": "3.7", "cwe": "CWE-20"}, {"name": "CVE-2025-1219", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-1219", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3BaseScore": "3.7", 
"cwe": "CWE-20"}, {"name": "CVE-2025-1734", "sourceBy": "MITRE", "sourceLink":"https://www.cve.org/CVERecord?id=CVE-2025-1734", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3BaseScore": "3.7", "cwe": "CWE-20"}, {"name": "CVE-2025-1736", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-1736", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3BaseScore": "3.7", "cwe": "CWE-20"}, {"name": "CVE-2025-1861", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-1861", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "cvss3BaseScore": "5.3", "cwe": "CWE-131"}], "references": [], "publishedAt": "2026-02-11T09:10:35.649030Z", "rpms": {"Rocky Linux 8": {"nvras": ["libzip-0:1.7.3-1.module+el8.10.0+1596+477f03f8.src.rpm", "php-0:8.2.28-1.module+el8.10.0+2063+87cdeef4.src.rpm", "php-pear-1:1.10.14-1.module+el8.10.0+1596+477f03f8.src.rpm", "php-pecl-apcu-0:5.1.23-1.module+el8.10.0+1596+477f03f8.src.rpm", "php-pecl-rrd-0:2.0.3-1.module+el8.10.0+1596+477f03f8.src.rpm", "php-pecl-xdebug3-0:3.2.2-2.module+el8.10.0+1596+477f03f8.src.rpm", "php-pecl-zip-0:1.22.3-1.module+el8.10.0+1596+477f03f8.src.rpm", "apcu-panel-0:5.1.23-1.module+el8.10.0+1911+f499711e.noarch.rpm", "libzip-0:1.7.3-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "libzip-0:1.7.3-1.module+el8.10.0+1605+02e07af7.aarch64.rpm", "libzip-0:1.7.3-1.module+el8.10.0+1911+f499711e.src.rpm", "libzip-0:1.7.3-1.module+el8.10.0+1605+02e07af7.src.rpm", "libzip-0:1.7.3-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "libzip-0:1.7.3-1.module+el8.10.0+1605+02e07af7.x86_64.rpm", "libzip-debuginfo-0:1.7.3-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "libzip-debuginfo-0:1.7.3-1.module+el8.10.0+1605+02e07af7.aarch64.rpm", "libzip-debuginfo-0:1.7.3-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "libzip-debuginfo-0:1.7.3-1.module+el8.10.0+1605+02e07af7.x86_64.rpm", 
"libzip-debugsource-0:1.7.3-1.module+el8.10.0+1605+02e07af7.aarch64.rpm", "libzip-debugsource-0:1.7.3-1.module+el8.10.0+1911+f499711e.aarch64.rpm","libzip-debugsource-0:1.7.3-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "libzip-debugsource-0:1.7.3-1.module+el8.10.0+1605+02e07af7.x86_64.rpm", "libzip-devel-0:1.7.3-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "libzip-devel-0:1.7.3-1.module+el8.10.0+1605+02e07af7.aarch64.rpm", "libzip-devel-0:1.7.3-1.module+el8.10.0+1605+02e07af7.x86_64.rpm", "libzip-devel-0:1.7.3-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "libzip-tools-0:1.7.3-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "libzip-tools-0:1.7.3-1.module+el8.10.0+1605+02e07af7.aarch64.rpm", "libzip-tools-0:1.7.3-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "libzip-tools-0:1.7.3-1.module+el8.10.0+1605+02e07af7.x86_64.rpm", "libzip-tools-debuginfo-0:1.7.3-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "libzip-tools-debuginfo-0:1.7.3-1.module+el8.10.0+1605+02e07af7.aarch64.rpm", "libzip-tools-debuginfo-0:1.7.3-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "libzip-tools-debuginfo-0:1.7.3-1.module+el8.10.0+1605+02e07af7.x86_64.rpm", "php-pear-1:1.10.14-1.module+el8.10.0+1911+f499711e.noarch.rpm", "php-pear-1:1.10.14-1.module+el8.10.0+1911+f499711e.src.rpm", "php-pecl-apcu-0:5.1.23-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-apcu-0:5.1.23-1.module+el8.10.0+1911+f499711e.src.rpm", "php-pecl-apcu-0:5.1.23-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pecl-apcu-debuginfo-0:5.1.23-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-apcu-debuginfo-0:5.1.23-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pecl-apcu-debugsource-0:5.1.23-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-apcu-debugsource-0:5.1.23-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pecl-apcu-devel-0:5.1.23-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-apcu-devel-0:5.1.23-1.module+el8.10.0+1911+f499711e.x86_64.rpm", 
"php-pecl-rrd-0:2.0.3-1.module+el8.10.0+1605+02e07af7.aarch64.rpm", "php-pecl-rrd-0:2.0.3-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-rrd-0:2.0.3-1.module+el8.10.0+1911+f499711e.src.rpm","php-pecl-rrd-0:2.0.3-1.module+el8.10.0+1605+02e07af7.src.rpm", "php-pecl-rrd-0:2.0.3-1.module+el8.10.0+1605+02e07af7.x86_64.rpm", "php-pecl-rrd-0:2.0.3-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.3-1.module+el8.10.0+1605+02e07af7.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.3-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-rrd-debuginfo-0:2.0.3-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pecl-rrd-debuginfo-0:2.0.3-1.module+el8.10.0+1605+02e07af7.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.3-1.module+el8.10.0+1605+02e07af7.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.3-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-rrd-debugsource-0:2.0.3-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pecl-rrd-debugsource-0:2.0.3-1.module+el8.10.0+1605+02e07af7.x86_64.rpm", "php-pecl-xdebug3-0:3.2.2-2.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-xdebug3-0:3.2.2-2.module+el8.10.0+1911+f499711e.src.rpm", "php-pecl-xdebug3-0:3.2.2-2.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pecl-xdebug3-debuginfo-0:3.2.2-2.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-xdebug3-debuginfo-0:3.2.2-2.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pecl-xdebug3-debugsource-0:3.2.2-2.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-xdebug3-debugsource-0:3.2.2-2.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pecl-zip-0:1.22.3-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-zip-0:1.22.3-1.module+el8.10.0+1911+f499711e.src.rpm", "php-pecl-zip-0:1.22.3-1.module+el8.10.0+1911+f499711e.x86_64.rpm", "php-pecl-zip-debuginfo-0:1.22.3-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-zip-debuginfo-0:1.22.3-1.module+el8.10.0+1911+f499711e.x86_64.rpm", 
"php-pecl-zip-debugsource-0:1.22.3-1.module+el8.10.0+1911+f499711e.aarch64.rpm", "php-pecl-zip-debugsource-0:1.22.3-1.module+el8.10.0+1911+f499711e.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}
Moderate security updates for PHP and related modules on Rocky Linux to mitigate various exploitable issues.
Rocky Linux PHP Security Update, Security Advisory PHP, Moderate Security Patch.
LinuxSecurity.com Team
Several security issues were fixed in Tomcat.

=========================================================================
Ubuntu Security Notice USN-4596-1
October 21, 2020

tomcat9 vulnerabilities
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS

Summary:

Several security issues were fixed in Tomcat.

Software Description:
- tomcat9: Apache Tomcat 9 - Servlet and JSP engine

Details:

It was discovered that Tomcat did not properly manage HTTP/2 streams. An
attacker could possibly use this to cause Tomcat to consume resources,
resulting in a denial of service. (CVE-2020-11996)

It was discovered that Tomcat did not properly release the HTTP/1.1
processor after the upgrade to HTTP/2. An attacker could possibly use this
to generate an OutOfMemoryException, resulting in a denial of service.
(CVE-2020-13934)

It was discovered that Tomcat did not properly validate the payload length
in a WebSocket frame. An attacker could possibly use this to trigger an
infinite loop, resulting in a denial of service. (CVE-2020-13935)

It was discovered that Tomcat did not properly deserialize untrusted data.
An attacker could possibly use this issue to execute arbitrary code.
(CVE-2020-9484)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
  libtomcat9-embed-java           9.0.31-1ubuntu0.1
  libtomcat9-java                 9.0.31-1ubuntu0.1
  tomcat9                         9.0.31-1ubuntu0.1
  tomcat9-common                  9.0.31-1ubuntu0.1

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-4596-1
  CVE-2020-11996, CVE-2020-13934, CVE-2020-13935, CVE-2020-9484

Package Information:
  https://launchpad.net/ubuntu/+source/tomcat9/9.0.31-1ubuntu0.1

Several security flaws in Tomcat highlighted in Ubuntu security advisory USN-4596-1, affecting operational stability.
Ubuntu Tomcat Vulnerabilities, Apache Tomcat Security, Ubuntu Security Notice.
LinuxSecurity.com Team