Release Info

Advisory: CLSA-2025:1757014652

OS: Ubuntu 18.04 ELS

Public date: 2025-09-04 19:37:34.737597

Project: php

Version: 7.2.24-0ubuntu0.18.04.17+tuxcare.els10

Errata link: https://errata.tuxcare.com/els_os/ubuntu18.04els/CLSA-2025-1757014652.html

Changelog

* SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/http_fopen_wrapper.c - CVE-2025-1217 * SECURITY UPDATE: insufficient HTTP header validation - debian/patches/CVE-2025-1734.patch: adds logic to fail invalid HTTP headers in ext/standard/http_fopen_wrapper.c - CVE-2025-1734 * SECURITY UPDATE: http redirect location truncation - debian/patches/CVE-2025-1861.patch: converts the allocation of location to be on heap instead of stack and errors if the location length is greater than 8086 bytes in ext/standard/http_fopen_wrapper.c - CVE-2025-1861 * SECURITY UPDATE: insufficient HTTP header validation - debian/patches/CVE-2025-1736.patch: updates the http user header check for crlf in ext/standard/http_fopen_wrapper.c - CVE-2025-1736

Update

Update command: apt-get update apt-get --only-upgrade install php*

Packages list

libapache2-mod-php7.2_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb libphp7.2-embed_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_all.deb php7.2-bcmath_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-bz2_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-cgi_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-cli_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-common_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-curl_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-dba_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-dev_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-enchant_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-fpm_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-gd_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-gmp_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-imap_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-interbase_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-intl_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-json_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-ldap_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-mbstring_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-mysql_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-odbc_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-opcache_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-pgsql_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-phpdbg_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-pspell_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-readline_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-recode_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-snmp_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-soap_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-sqlite3_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-sybase_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-tidy_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-xml_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-xmlrpc_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb php7.2-xsl_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_all.deb php7.2-zip_7.2.24-0ubuntu0.18.04.17+tuxcare.els10_amd64.deb

CVEs

CVE-2025-1736
CVE-2025-1861
CVE-2025-1734
CVE-2025-1217