ALT Linux Team

Package php8.2-soap update in p11 on 2025-12-29

ALT-PU-2025-16438-2

Package php8.2-soap updated to version 8.2.30-alt1 for branch p11 in task 403712.

Closed vulnerabilities

Published: 2026-01-16
Modified: 2026-03-11

BDU:2026-00449

Уязвимость объектно-ориентированного прикладного программного интерфейса PDO интерпретатора языка программирования PHP, позволяющая нарушителю вызвать отказ в обслуживании

Severity: LOW (3.7)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: LOW (2.6)Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
References:
Published: 2026-03-10
Modified: 2026-03-12

BDU:2026-02748

Уязвимость функции php_read_stream_all_chunks языка программирования PHP, позволяющая нарушителю получить доступ к конфиденциальным данным

Severity: LOW (3.7)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity: MEDIUM (4.3)Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
References:
Published: 2026-03-10
Modified: 2026-03-12

BDU:2026-02749

Уязвимость функции php_array_merge_wrapper языка программирования PHP, позволяющая нарушителю нарушить целостность данных, а также вызвать отказ в обслуживании

Severity: MEDIUM (6.5)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Severity: MEDIUM (6.1)Vector: AV:N/AC:H/Au:N/C:N/I:P/A:C
References:
Published: 2025-12-27
Modified: 2026-01-08

CVE-2025-14177

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function may leak uninitialized heap memory into the APPn segments (e.g., APP1) when reading images in multi-chunk mode (such as via php://filter). This occurs due to a bug in php_read_stream_all_chunks() that overwrites the buffer without advancing the pointer, leaving tail bytes uninitialized. This may lead to information disclosure of sensitive heap data and affect the confidentiality of the target server.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM (6.3)Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References:
Published: 2025-12-27
Modified: 2026-01-24

CVE-2025-14178

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE, due to an integer overflow in the precomputation of element counts using zend_hash_num_elements(). This may lead to memory corruption or crashes and affect the integrity and availability of the target server.

Severity: HIGH (8.2)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
References:
Published: 2025-12-27
Modified: 2026-01-09

CVE-2025-14180

In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled, an invalid character sequence (such as \x99) in a prepared statement parameter may cause the quoting function PQescapeStringConn to return NULL, leading to a null pointer dereference in pdo_parse_params() function. This may lead to crashes (segmentation fault) and affect the availability of the target server.

Severity: HIGH (7.5)Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH (8.2)Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References:
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: 2.1.2
Back to top