Advisory: CLSA-2025:1757016160
OS: Ubuntu 16.04 ELS
Public date: 2025-09-04 20:02:42.33578
Project: php
Version: 7.0.33-0ubuntu0.16.04.17+tuxcare.els15
Errata link: https://errata.tuxcare.com/els_os/ubuntu16.04els/CLSA-2025-1757016160.html
* SECURITY UPDATE: misinterpretation of HTTP response headers - debian/patches/CVE-2025-1217.patch: adds HTTP header folding support for HTTP wrapper response headers in ext/standard/http_fopen_wrapper.c - CVE-2025-1217 * SECURITY UPDATE: insufficient HTTP header validation - debian/patches/CVE-2025-1734.patch: adds logic to fail invalid HTTP headers in ext/standard/http_fopen_wrapper.c - CVE-2025-1734 * SECURITY UPDATE: http redirect location truncation - debian/patches/CVE-2025-1861.patch: converts the allocation of location to be on heap instead of stack and errors if the location length is greater than 8086 bytes in ext/standard/http_fopen_wrapper.c - CVE-2025-1861 * SECURITY UPDATE: insufficient HTTP header validation - debian/patches/CVE-2025-1736.patch: updates the http user header check for crlf in ext/standard/http_fopen_wrapper.c - CVE-2025-1736
Update command: apt-get update apt-get --only-upgrade install php*
libapache2-mod-php7.0_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb libphp7.0-embed_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_all.deb php7.0-bcmath_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-bz2_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-cgi_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-cli_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-common_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-curl_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-dba_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-dev_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-enchant_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-fpm_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-gd_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-gmp_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-imap_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-interbase_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-intl_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-json_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-ldap_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-mbstring_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-mcrypt_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-mysql_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-odbc_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-opcache_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-pgsql_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-phpdbg_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-pspell_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-readline_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-recode_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-snmp_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-soap_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-sqlite3_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-sybase_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-tidy_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-xml_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-xmlrpc_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb php7.0-xsl_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_all.deb php7.0-zip_7.0.33-0ubuntu0.16.04.17+tuxcare.els15_amd64.deb