php8-8.3.19-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15957 Final 1 1 2025-03-15T00:00:00Z current 2025-03-15T00:00:00Z 2025-03-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z php8-8.3.19-1.1 on GA media These are all security issues fixed in the php8-8.3.19-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15957 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-11235/ SUSE CVE CVE-2024-11235 page https://www.suse.com/security/cve/CVE-2025-1217/ SUSE CVE CVE-2025-1217 page https://www.suse.com/security/cve/CVE-2025-1219/ SUSE CVE CVE-2025-1219 page https://www.suse.com/security/cve/CVE-2025-1734/ SUSE CVE CVE-2025-1734 page https://www.suse.com/security/cve/CVE-2025-1736/ SUSE CVE CVE-2025-1736 page https://www.suse.com/security/cve/CVE-2025-1861/ SUSE CVE CVE-2025-1861 page openSUSE Tumbleweed php8-8.3.19-1.1 php8-bcmath-8.3.19-1.1 php8-bz2-8.3.19-1.1 php8-calendar-8.3.19-1.1 php8-cli-8.3.19-1.1 php8-ctype-8.3.19-1.1 php8-curl-8.3.19-1.1 php8-dba-8.3.19-1.1 php8-devel-8.3.19-1.1 php8-dom-8.3.19-1.1 php8-enchant-8.3.19-1.1 php8-exif-8.3.19-1.1 php8-ffi-8.3.19-1.1 php8-fileinfo-8.3.19-1.1 php8-ftp-8.3.19-1.1 php8-gd-8.3.19-1.1 php8-gettext-8.3.19-1.1 php8-gmp-8.3.19-1.1 php8-iconv-8.3.19-1.1 php8-intl-8.3.19-1.1 php8-ldap-8.3.19-1.1 php8-mbstring-8.3.19-1.1 php8-mysql-8.3.19-1.1 php8-odbc-8.3.19-1.1 php8-opcache-8.3.19-1.1 php8-openssl-8.3.19-1.1 php8-pcntl-8.3.19-1.1 php8-pdo-8.3.19-1.1 php8-pgsql-8.3.19-1.1 php8-phar-8.3.19-1.1 php8-posix-8.3.19-1.1 php8-readline-8.3.19-1.1 php8-shmop-8.3.19-1.1 php8-snmp-8.3.19-1.1 php8-soap-8.3.19-1.1 php8-sockets-8.3.19-1.1 php8-sodium-8.3.19-1.1 php8-sqlite-8.3.19-1.1 php8-sysvmsg-8.3.19-1.1 php8-sysvsem-8.3.19-1.1 php8-sysvshm-8.3.19-1.1 php8-tidy-8.3.19-1.1 php8-tokenizer-8.3.19-1.1 php8-xmlreader-8.3.19-1.1 php8-xmlwriter-8.3.19-1.1 php8-xsl-8.3.19-1.1 php8-zip-8.3.19-1.1 php8-zlib-8.3.19-1.1 php8-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-bcmath-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-bz2-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-calendar-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-cli-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-ctype-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-curl-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-dba-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-devel-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-dom-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-enchant-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-exif-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-ffi-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-fileinfo-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-ftp-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-gd-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-gettext-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-gmp-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-iconv-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-intl-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-ldap-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-mbstring-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-mysql-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-odbc-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-opcache-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-openssl-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-pcntl-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-pdo-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-pgsql-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-phar-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-posix-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-readline-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-shmop-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-snmp-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-soap-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-sockets-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-sodium-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-sqlite-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-sysvmsg-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-sysvsem-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-sysvshm-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-tidy-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-tokenizer-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-xmlreader-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-xmlwriter-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-xsl-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-zip-8.3.19-1.1 as a component of openSUSE Tumbleweed php8-zlib-8.3.19-1.1 as a component of openSUSE Tumbleweed In PHP versions 8.3.* before 8.3.19 and 8.4.* before 8.4.5, a code sequence involving __set handler or ??= operator and exceptions can lead to a use-after-free vulnerability. If the third party can control the memory layout leading to this, for example by supplying specially crafted inputs to the script, it could lead to remote code execution. CVE-2024-11235 openSUSE Tumbleweed:php8-8.3.19-1.1 openSUSE Tumbleweed:php8-bcmath-8.3.19-1.1 openSUSE Tumbleweed:php8-bz2-8.3.19-1.1 openSUSE Tumbleweed:php8-calendar-8.3.19-1.1 openSUSE Tumbleweed:php8-cli-8.3.19-1.1 openSUSE Tumbleweed:php8-ctype-8.3.19-1.1 openSUSE Tumbleweed:php8-curl-8.3.19-1.1 openSUSE Tumbleweed:php8-dba-8.3.19-1.1 openSUSE Tumbleweed:php8-devel-8.3.19-1.1 openSUSE Tumbleweed:php8-dom-8.3.19-1.1 openSUSE Tumbleweed:php8-enchant-8.3.19-1.1 openSUSE Tumbleweed:php8-exif-8.3.19-1.1 openSUSE Tumbleweed:php8-ffi-8.3.19-1.1 openSUSE Tumbleweed:php8-fileinfo-8.3.19-1.1 openSUSE Tumbleweed:php8-ftp-8.3.19-1.1 openSUSE Tumbleweed:php8-gd-8.3.19-1.1 openSUSE Tumbleweed:php8-gettext-8.3.19-1.1 openSUSE Tumbleweed:php8-gmp-8.3.19-1.1 openSUSE Tumbleweed:php8-iconv-8.3.19-1.1 openSUSE Tumbleweed:php8-intl-8.3.19-1.1 openSUSE Tumbleweed:php8-ldap-8.3.19-1.1 openSUSE Tumbleweed:php8-mbstring-8.3.19-1.1 openSUSE Tumbleweed:php8-mysql-8.3.19-1.1 openSUSE Tumbleweed:php8-odbc-8.3.19-1.1 openSUSE Tumbleweed:php8-opcache-8.3.19-1.1 openSUSE Tumbleweed:php8-openssl-8.3.19-1.1 openSUSE Tumbleweed:php8-pcntl-8.3.19-1.1 openSUSE Tumbleweed:php8-pdo-8.3.19-1.1 openSUSE Tumbleweed:php8-pgsql-8.3.19-1.1 openSUSE Tumbleweed:php8-phar-8.3.19-1.1 openSUSE Tumbleweed:php8-posix-8.3.19-1.1 openSUSE Tumbleweed:php8-readline-8.3.19-1.1 openSUSE Tumbleweed:php8-shmop-8.3.19-1.1 openSUSE Tumbleweed:php8-snmp-8.3.19-1.1 openSUSE Tumbleweed:php8-soap-8.3.19-1.1 openSUSE Tumbleweed:php8-sockets-8.3.19-1.1 openSUSE Tumbleweed:php8-sodium-8.3.19-1.1 openSUSE Tumbleweed:php8-sqlite-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvsem-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvshm-8.3.19-1.1 openSUSE Tumbleweed:php8-tidy-8.3.19-1.1 openSUSE Tumbleweed:php8-tokenizer-8.3.19-1.1 openSUSE Tumbleweed:php8-xmlreader-8.3.19-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.3.19-1.1 openSUSE Tumbleweed:php8-xsl-8.3.19-1.1 openSUSE Tumbleweed:php8-zip-8.3.19-1.1 openSUSE Tumbleweed:php8-zlib-8.3.19-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-11235.html CVE-2024-11235 https://bugzilla.suse.com/1239666 SUSE Bug 1239666 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP response obtained from a server, folded headers are parsed incorrectly, which may lead to misinterpreting the response and using incorrect headers, MIME types, etc. CVE-2025-1217 openSUSE Tumbleweed:php8-8.3.19-1.1 openSUSE Tumbleweed:php8-bcmath-8.3.19-1.1 openSUSE Tumbleweed:php8-bz2-8.3.19-1.1 openSUSE Tumbleweed:php8-calendar-8.3.19-1.1 openSUSE Tumbleweed:php8-cli-8.3.19-1.1 openSUSE Tumbleweed:php8-ctype-8.3.19-1.1 openSUSE Tumbleweed:php8-curl-8.3.19-1.1 openSUSE Tumbleweed:php8-dba-8.3.19-1.1 openSUSE Tumbleweed:php8-devel-8.3.19-1.1 openSUSE Tumbleweed:php8-dom-8.3.19-1.1 openSUSE Tumbleweed:php8-enchant-8.3.19-1.1 openSUSE Tumbleweed:php8-exif-8.3.19-1.1 openSUSE Tumbleweed:php8-ffi-8.3.19-1.1 openSUSE Tumbleweed:php8-fileinfo-8.3.19-1.1 openSUSE Tumbleweed:php8-ftp-8.3.19-1.1 openSUSE Tumbleweed:php8-gd-8.3.19-1.1 openSUSE Tumbleweed:php8-gettext-8.3.19-1.1 openSUSE Tumbleweed:php8-gmp-8.3.19-1.1 openSUSE Tumbleweed:php8-iconv-8.3.19-1.1 openSUSE Tumbleweed:php8-intl-8.3.19-1.1 openSUSE Tumbleweed:php8-ldap-8.3.19-1.1 openSUSE Tumbleweed:php8-mbstring-8.3.19-1.1 openSUSE Tumbleweed:php8-mysql-8.3.19-1.1 openSUSE Tumbleweed:php8-odbc-8.3.19-1.1 openSUSE Tumbleweed:php8-opcache-8.3.19-1.1 openSUSE Tumbleweed:php8-openssl-8.3.19-1.1 openSUSE Tumbleweed:php8-pcntl-8.3.19-1.1 openSUSE Tumbleweed:php8-pdo-8.3.19-1.1 openSUSE Tumbleweed:php8-pgsql-8.3.19-1.1 openSUSE Tumbleweed:php8-phar-8.3.19-1.1 openSUSE Tumbleweed:php8-posix-8.3.19-1.1 openSUSE Tumbleweed:php8-readline-8.3.19-1.1 openSUSE Tumbleweed:php8-shmop-8.3.19-1.1 openSUSE Tumbleweed:php8-snmp-8.3.19-1.1 openSUSE Tumbleweed:php8-soap-8.3.19-1.1 openSUSE Tumbleweed:php8-sockets-8.3.19-1.1 openSUSE Tumbleweed:php8-sodium-8.3.19-1.1 openSUSE Tumbleweed:php8-sqlite-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvsem-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvshm-8.3.19-1.1 openSUSE Tumbleweed:php8-tidy-8.3.19-1.1 openSUSE Tumbleweed:php8-tokenizer-8.3.19-1.1 openSUSE Tumbleweed:php8-xmlreader-8.3.19-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.3.19-1.1 openSUSE Tumbleweed:php8-xsl-8.3.19-1.1 openSUSE Tumbleweed:php8-zip-8.3.19-1.1 openSUSE Tumbleweed:php8-zlib-8.3.19-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-1217.html CVE-2025-1217 https://bugzilla.suse.com/1239664 SUSE Bug 1239664 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using the DOM or SimpleXML extensions, the wrong content-type header is used to determine the charset when the requested resource performs a redirect. This may cause the resulting document to be parsed incorrectly or bypass validations. CVE-2025-1219 openSUSE Tumbleweed:php8-8.3.19-1.1 openSUSE Tumbleweed:php8-bcmath-8.3.19-1.1 openSUSE Tumbleweed:php8-bz2-8.3.19-1.1 openSUSE Tumbleweed:php8-calendar-8.3.19-1.1 openSUSE Tumbleweed:php8-cli-8.3.19-1.1 openSUSE Tumbleweed:php8-ctype-8.3.19-1.1 openSUSE Tumbleweed:php8-curl-8.3.19-1.1 openSUSE Tumbleweed:php8-dba-8.3.19-1.1 openSUSE Tumbleweed:php8-devel-8.3.19-1.1 openSUSE Tumbleweed:php8-dom-8.3.19-1.1 openSUSE Tumbleweed:php8-enchant-8.3.19-1.1 openSUSE Tumbleweed:php8-exif-8.3.19-1.1 openSUSE Tumbleweed:php8-ffi-8.3.19-1.1 openSUSE Tumbleweed:php8-fileinfo-8.3.19-1.1 openSUSE Tumbleweed:php8-ftp-8.3.19-1.1 openSUSE Tumbleweed:php8-gd-8.3.19-1.1 openSUSE Tumbleweed:php8-gettext-8.3.19-1.1 openSUSE Tumbleweed:php8-gmp-8.3.19-1.1 openSUSE Tumbleweed:php8-iconv-8.3.19-1.1 openSUSE Tumbleweed:php8-intl-8.3.19-1.1 openSUSE Tumbleweed:php8-ldap-8.3.19-1.1 openSUSE Tumbleweed:php8-mbstring-8.3.19-1.1 openSUSE Tumbleweed:php8-mysql-8.3.19-1.1 openSUSE Tumbleweed:php8-odbc-8.3.19-1.1 openSUSE Tumbleweed:php8-opcache-8.3.19-1.1 openSUSE Tumbleweed:php8-openssl-8.3.19-1.1 openSUSE Tumbleweed:php8-pcntl-8.3.19-1.1 openSUSE Tumbleweed:php8-pdo-8.3.19-1.1 openSUSE Tumbleweed:php8-pgsql-8.3.19-1.1 openSUSE Tumbleweed:php8-phar-8.3.19-1.1 openSUSE Tumbleweed:php8-posix-8.3.19-1.1 openSUSE Tumbleweed:php8-readline-8.3.19-1.1 openSUSE Tumbleweed:php8-shmop-8.3.19-1.1 openSUSE Tumbleweed:php8-snmp-8.3.19-1.1 openSUSE Tumbleweed:php8-soap-8.3.19-1.1 openSUSE Tumbleweed:php8-sockets-8.3.19-1.1 openSUSE Tumbleweed:php8-sodium-8.3.19-1.1 openSUSE Tumbleweed:php8-sqlite-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvsem-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvshm-8.3.19-1.1 openSUSE Tumbleweed:php8-tidy-8.3.19-1.1 openSUSE Tumbleweed:php8-tokenizer-8.3.19-1.1 openSUSE Tumbleweed:php8-xmlreader-8.3.19-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.3.19-1.1 openSUSE Tumbleweed:php8-xsl-8.3.19-1.1 openSUSE Tumbleweed:php8-zip-8.3.19-1.1 openSUSE Tumbleweed:php8-zlib-8.3.19-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-1219.html CVE-2025-1219 https://bugzilla.suse.com/1239667 SUSE Bug 1239667 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server, the headers missing a colon (:) are treated as valid headers even though they are not. This may confuse applications into accepting invalid headers. CVE-2025-1734 openSUSE Tumbleweed:php8-8.3.19-1.1 openSUSE Tumbleweed:php8-bcmath-8.3.19-1.1 openSUSE Tumbleweed:php8-bz2-8.3.19-1.1 openSUSE Tumbleweed:php8-calendar-8.3.19-1.1 openSUSE Tumbleweed:php8-cli-8.3.19-1.1 openSUSE Tumbleweed:php8-ctype-8.3.19-1.1 openSUSE Tumbleweed:php8-curl-8.3.19-1.1 openSUSE Tumbleweed:php8-dba-8.3.19-1.1 openSUSE Tumbleweed:php8-devel-8.3.19-1.1 openSUSE Tumbleweed:php8-dom-8.3.19-1.1 openSUSE Tumbleweed:php8-enchant-8.3.19-1.1 openSUSE Tumbleweed:php8-exif-8.3.19-1.1 openSUSE Tumbleweed:php8-ffi-8.3.19-1.1 openSUSE Tumbleweed:php8-fileinfo-8.3.19-1.1 openSUSE Tumbleweed:php8-ftp-8.3.19-1.1 openSUSE Tumbleweed:php8-gd-8.3.19-1.1 openSUSE Tumbleweed:php8-gettext-8.3.19-1.1 openSUSE Tumbleweed:php8-gmp-8.3.19-1.1 openSUSE Tumbleweed:php8-iconv-8.3.19-1.1 openSUSE Tumbleweed:php8-intl-8.3.19-1.1 openSUSE Tumbleweed:php8-ldap-8.3.19-1.1 openSUSE Tumbleweed:php8-mbstring-8.3.19-1.1 openSUSE Tumbleweed:php8-mysql-8.3.19-1.1 openSUSE Tumbleweed:php8-odbc-8.3.19-1.1 openSUSE Tumbleweed:php8-opcache-8.3.19-1.1 openSUSE Tumbleweed:php8-openssl-8.3.19-1.1 openSUSE Tumbleweed:php8-pcntl-8.3.19-1.1 openSUSE Tumbleweed:php8-pdo-8.3.19-1.1 openSUSE Tumbleweed:php8-pgsql-8.3.19-1.1 openSUSE Tumbleweed:php8-phar-8.3.19-1.1 openSUSE Tumbleweed:php8-posix-8.3.19-1.1 openSUSE Tumbleweed:php8-readline-8.3.19-1.1 openSUSE Tumbleweed:php8-shmop-8.3.19-1.1 openSUSE Tumbleweed:php8-snmp-8.3.19-1.1 openSUSE Tumbleweed:php8-soap-8.3.19-1.1 openSUSE Tumbleweed:php8-sockets-8.3.19-1.1 openSUSE Tumbleweed:php8-sodium-8.3.19-1.1 openSUSE Tumbleweed:php8-sqlite-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvsem-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvshm-8.3.19-1.1 openSUSE Tumbleweed:php8-tidy-8.3.19-1.1 openSUSE Tumbleweed:php8-tokenizer-8.3.19-1.1 openSUSE Tumbleweed:php8-xmlreader-8.3.19-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.3.19-1.1 openSUSE Tumbleweed:php8-xsl-8.3.19-1.1 openSUSE Tumbleweed:php8-zip-8.3.19-1.1 openSUSE Tumbleweed:php8-zlib-8.3.19-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-1734.html CVE-2025-1734 https://bugzilla.suse.com/1239668 SUSE Bug 1239668 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient validation of the end-of-line characters may prevent certain headers from being sent or lead to certain headers be misinterpreted. CVE-2025-1736 openSUSE Tumbleweed:php8-8.3.19-1.1 openSUSE Tumbleweed:php8-bcmath-8.3.19-1.1 openSUSE Tumbleweed:php8-bz2-8.3.19-1.1 openSUSE Tumbleweed:php8-calendar-8.3.19-1.1 openSUSE Tumbleweed:php8-cli-8.3.19-1.1 openSUSE Tumbleweed:php8-ctype-8.3.19-1.1 openSUSE Tumbleweed:php8-curl-8.3.19-1.1 openSUSE Tumbleweed:php8-dba-8.3.19-1.1 openSUSE Tumbleweed:php8-devel-8.3.19-1.1 openSUSE Tumbleweed:php8-dom-8.3.19-1.1 openSUSE Tumbleweed:php8-enchant-8.3.19-1.1 openSUSE Tumbleweed:php8-exif-8.3.19-1.1 openSUSE Tumbleweed:php8-ffi-8.3.19-1.1 openSUSE Tumbleweed:php8-fileinfo-8.3.19-1.1 openSUSE Tumbleweed:php8-ftp-8.3.19-1.1 openSUSE Tumbleweed:php8-gd-8.3.19-1.1 openSUSE Tumbleweed:php8-gettext-8.3.19-1.1 openSUSE Tumbleweed:php8-gmp-8.3.19-1.1 openSUSE Tumbleweed:php8-iconv-8.3.19-1.1 openSUSE Tumbleweed:php8-intl-8.3.19-1.1 openSUSE Tumbleweed:php8-ldap-8.3.19-1.1 openSUSE Tumbleweed:php8-mbstring-8.3.19-1.1 openSUSE Tumbleweed:php8-mysql-8.3.19-1.1 openSUSE Tumbleweed:php8-odbc-8.3.19-1.1 openSUSE Tumbleweed:php8-opcache-8.3.19-1.1 openSUSE Tumbleweed:php8-openssl-8.3.19-1.1 openSUSE Tumbleweed:php8-pcntl-8.3.19-1.1 openSUSE Tumbleweed:php8-pdo-8.3.19-1.1 openSUSE Tumbleweed:php8-pgsql-8.3.19-1.1 openSUSE Tumbleweed:php8-phar-8.3.19-1.1 openSUSE Tumbleweed:php8-posix-8.3.19-1.1 openSUSE Tumbleweed:php8-readline-8.3.19-1.1 openSUSE Tumbleweed:php8-shmop-8.3.19-1.1 openSUSE Tumbleweed:php8-snmp-8.3.19-1.1 openSUSE Tumbleweed:php8-soap-8.3.19-1.1 openSUSE Tumbleweed:php8-sockets-8.3.19-1.1 openSUSE Tumbleweed:php8-sodium-8.3.19-1.1 openSUSE Tumbleweed:php8-sqlite-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvsem-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvshm-8.3.19-1.1 openSUSE Tumbleweed:php8-tidy-8.3.19-1.1 openSUSE Tumbleweed:php8-tokenizer-8.3.19-1.1 openSUSE Tumbleweed:php8-xmlreader-8.3.19-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.3.19-1.1 openSUSE Tumbleweed:php8-xsl-8.3.19-1.1 openSUSE Tumbleweed:php8-zip-8.3.19-1.1 openSUSE Tumbleweed:php8-zlib-8.3.19-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-1736.html CVE-2025-1736 https://bugzilla.suse.com/1239670 SUSE Bug 1239670 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP request, there is currently limit on the location value size caused by limited size of the location buffer to 1024. However as per RFC9110, the limit is recommended to be 8000. This may lead to incorrect URL truncation and redirecting to a wrong location. CVE-2025-1861 openSUSE Tumbleweed:php8-8.3.19-1.1 openSUSE Tumbleweed:php8-bcmath-8.3.19-1.1 openSUSE Tumbleweed:php8-bz2-8.3.19-1.1 openSUSE Tumbleweed:php8-calendar-8.3.19-1.1 openSUSE Tumbleweed:php8-cli-8.3.19-1.1 openSUSE Tumbleweed:php8-ctype-8.3.19-1.1 openSUSE Tumbleweed:php8-curl-8.3.19-1.1 openSUSE Tumbleweed:php8-dba-8.3.19-1.1 openSUSE Tumbleweed:php8-devel-8.3.19-1.1 openSUSE Tumbleweed:php8-dom-8.3.19-1.1 openSUSE Tumbleweed:php8-enchant-8.3.19-1.1 openSUSE Tumbleweed:php8-exif-8.3.19-1.1 openSUSE Tumbleweed:php8-ffi-8.3.19-1.1 openSUSE Tumbleweed:php8-fileinfo-8.3.19-1.1 openSUSE Tumbleweed:php8-ftp-8.3.19-1.1 openSUSE Tumbleweed:php8-gd-8.3.19-1.1 openSUSE Tumbleweed:php8-gettext-8.3.19-1.1 openSUSE Tumbleweed:php8-gmp-8.3.19-1.1 openSUSE Tumbleweed:php8-iconv-8.3.19-1.1 openSUSE Tumbleweed:php8-intl-8.3.19-1.1 openSUSE Tumbleweed:php8-ldap-8.3.19-1.1 openSUSE Tumbleweed:php8-mbstring-8.3.19-1.1 openSUSE Tumbleweed:php8-mysql-8.3.19-1.1 openSUSE Tumbleweed:php8-odbc-8.3.19-1.1 openSUSE Tumbleweed:php8-opcache-8.3.19-1.1 openSUSE Tumbleweed:php8-openssl-8.3.19-1.1 openSUSE Tumbleweed:php8-pcntl-8.3.19-1.1 openSUSE Tumbleweed:php8-pdo-8.3.19-1.1 openSUSE Tumbleweed:php8-pgsql-8.3.19-1.1 openSUSE Tumbleweed:php8-phar-8.3.19-1.1 openSUSE Tumbleweed:php8-posix-8.3.19-1.1 openSUSE Tumbleweed:php8-readline-8.3.19-1.1 openSUSE Tumbleweed:php8-shmop-8.3.19-1.1 openSUSE Tumbleweed:php8-snmp-8.3.19-1.1 openSUSE Tumbleweed:php8-soap-8.3.19-1.1 openSUSE Tumbleweed:php8-sockets-8.3.19-1.1 openSUSE Tumbleweed:php8-sodium-8.3.19-1.1 openSUSE Tumbleweed:php8-sqlite-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvmsg-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvsem-8.3.19-1.1 openSUSE Tumbleweed:php8-sysvshm-8.3.19-1.1 openSUSE Tumbleweed:php8-tidy-8.3.19-1.1 openSUSE Tumbleweed:php8-tokenizer-8.3.19-1.1 openSUSE Tumbleweed:php8-xmlreader-8.3.19-1.1 openSUSE Tumbleweed:php8-xmlwriter-8.3.19-1.1 openSUSE Tumbleweed:php8-xsl-8.3.19-1.1 openSUSE Tumbleweed:php8-zip-8.3.19-1.1 openSUSE Tumbleweed:php8-zlib-8.3.19-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-1861.html CVE-2025-1861 https://bugzilla.suse.com/1239669 SUSE Bug 1239669