API Security Blog

Oracle Linux 9 : php (ELSA-2025-7431)

The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-7431 advisory.

- Fix libxml streams use wrong content-type header when requesting a redirected resource CVE-2025-1219
- Fix Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736
- Fix Stream HTTP wrapper truncate redirect location to 1024 bytes CVE-2025-1861
- Fix Streams HTTP wrapper does not fail for headers without colon CVE-2025-1734
- Fix Header parser of http stream wrapper does not handle folded headers CVE-2025-1217
- Fix Leak partial content of the heap through heap buffer over-read CVE-2024-8929
- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234
- Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233
- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927
- Fix Logs from children may be altered CVE-2024-9026
- Fix Erroneous parsing of multipart form data CVE-2024-8925
- Fix filter bypass in filter_var FILTER_VALIDATE_URL CVE-2024-5458
- Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756
- Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
