Bug 34418 - PHP: new version 8.2.29
Summary: PHP: new version 8.2.29
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2025-07-03 14:19 CEST by Marc Krämer
Modified: 2025-07-06 01:49 CEST

See Also:
Source RPM: php
CVE: CVE-2025-1735 CVE-2025-6491 CVE-2025-1220
Status comment:



Description Marc Krämer 2025-07-03 14:19:07 CEST
https://www.php.net/ChangeLog-8.php#8.2.29

Security issues found
Comment 1 Marc Krämer 2025-07-03 15:01:31 CEST
Updated php packages fix security vulnerabilities:

PGSQL:
Fixed GHSA-hrwm-9436-5mv3 (pgsql extension does not check for errors during escaping). (CVE-2025-1735)
SOAP:
Fixed GHSA-453j-q27h-5p8x (NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix). (CVE-2025-6491)
Standard:
Fixed GHSA-3cr5-j632-f35r (Null byte termination in hostnames). (CVE-2025-1220)

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-6491
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-1220
https://www.php.net/ChangeLog-8.php#8.2.29
========================

Updated packages in core/updates_testing:
========================
php-openssl-debuginfo-8.2.29-1.mga9
php-mysqlnd-debuginfo-8.2.29-1.mga9
php-dom-debuginfo-8.2.29-1.mga9
php-phar-debuginfo-8.2.29-1.mga9
php-pdo-debuginfo-8.2.29-1.mga9
php-mysqli-debuginfo-8.2.29-1.mga9
php-intl-8.2.29-1.mga9
php-opcache-8.2.29-1.mga9
php-mbstring-debuginfo-8.2.29-1.mga9
php-pgsql-debuginfo-8.2.29-1.mga9
php-mbstring-8.2.29-1.mga9
php-curl-debuginfo-8.2.29-1.mga9
php-soap-debuginfo-8.2.29-1.mga9
php-phar-8.2.29-1.mga9
php-soap-8.2.29-1.mga9
php-debuginfo-8.2.29-1.mga9
php-session-debuginfo-8.2.29-1.mga9
php-sockets-debuginfo-8.2.29-1.mga9
php-ini-8.2.29-1.mga9
php-fileinfo-debuginfo-8.2.29-1.mga9
php-mysqlnd-8.2.29-1.mga9
php-zip-debuginfo-8.2.29-1.mga9
php-sodium-debuginfo-8.2.29-1.mga9
php-gd-debuginfo-8.2.29-1.mga9
php-imap-debuginfo-8.2.29-1.mga9
php-intl-debuginfo-8.2.29-1.mga9
php-dba-debuginfo-8.2.29-1.mga9
php-gmp-debuginfo-8.2.29-1.mga9
php-openssl-8.2.29-1.mga9
php-ldap-debuginfo-8.2.29-1.mga9
php-dom-8.2.29-1.mga9
php-opcache-debuginfo-8.2.29-1.mga9
php-snmp-debuginfo-8.2.29-1.mga9
php-sqlite3-debuginfo-8.2.29-1.mga9
php-odbc-debuginfo-8.2.29-1.mga9
php-ftp-debuginfo-8.2.29-1.mga9
php-pgsql-8.2.29-1.mga9
php-exif-debuginfo-8.2.29-1.mga9
php-pdo-8.2.29-1.mga9
php-mysqli-8.2.29-1.mga9
php-doc-8.2.29-1.mga9
php-tidy-debuginfo-8.2.29-1.mga9
php-filter-debuginfo-8.2.29-1.mga9
php-pcntl-debuginfo-8.2.29-1.mga9
php-imap-8.2.29-1.mga9
php-posix-debuginfo-8.2.29-1.mga9
php-sodium-8.2.29-1.mga9
php-bcmath-debuginfo-8.2.29-1.mga9
php-gd-8.2.29-1.mga9
php-iconv-debuginfo-8.2.29-1.mga9
php-curl-8.2.29-1.mga9
php-xmlreader-debuginfo-8.2.29-1.mga9
php-session-8.2.29-1.mga9
php-zlib-debuginfo-8.2.29-1.mga9
php-xsl-debuginfo-8.2.29-1.mga9
php-pdo_firebird-debuginfo-8.2.29-1.mga9
php-pdo_sqlite-debuginfo-8.2.29-1.mga9
php-pdo_mysql-debuginfo-8.2.29-1.mga9
php-zip-8.2.29-1.mga9
php-exif-8.2.29-1.mga9
php-ldap-8.2.29-1.mga9
php-pdo_pgsql-debuginfo-8.2.29-1.mga9
php-sockets-8.2.29-1.mga9
php-readline-debuginfo-8.2.29-1.mga9
php-xmlwriter-debuginfo-8.2.29-1.mga9
php-dba-8.2.29-1.mga9
php-calendar-debuginfo-8.2.29-1.mga9
php-snmp-8.2.29-1.mga9
php-sqlite3-8.2.29-1.mga9
php-tokenizer-debuginfo-8.2.29-1.mga9
php-gmp-8.2.29-1.mga9
php-pdo_odbc-debuginfo-8.2.29-1.mga9
php-pdo_dblib-debuginfo-8.2.29-1.mga9
php-ftp-8.2.29-1.mga9
php-odbc-8.2.29-1.mga9
php-tidy-8.2.29-1.mga9
php-xmlreader-8.2.29-1.mga9
php-pdo_pgsql-8.2.29-1.mga9
php-pcntl-8.2.29-1.mga9
php-filter-8.2.29-1.mga9
php-bz2-debuginfo-8.2.29-1.mga9
php-enchant-debuginfo-8.2.29-1.mga9
php-xmlwriter-8.2.29-1.mga9
php-zlib-8.2.29-1.mga9
php-sysvmsg-debuginfo-8.2.29-1.mga9
php-iconv-8.2.29-1.mga9
php-posix-8.2.29-1.mga9
php-pdo_firebird-8.2.29-1.mga9
php-bcmath-8.2.29-1.mga9
php-pdo_odbc-8.2.29-1.mga9
php-xsl-8.2.29-1.mga9
php-calendar-8.2.29-1.mga9
php-readline-8.2.29-1.mga9
php-gettext-debuginfo-8.2.29-1.mga9
php-pdo_mysql-8.2.29-1.mga9
php-ctype-debuginfo-8.2.29-1.mga9
php-pdo_sqlite-8.2.29-1.mga9
php-pdo_dblib-8.2.29-1.mga9
php-sysvshm-8.2.29-1.mga9
php-sysvsem-debuginfo-8.2.29-1.mga9
php-tokenizer-8.2.29-1.mga9
php-enchant-8.2.29-1.mga9
php-shmop-debuginfo-8.2.29-1.mga9
php-sysvmsg-8.2.29-1.mga9
php-sysvshm-debuginfo-8.2.29-1.mga9
php-bz2-8.2.29-1.mga9
php-shmop-8.2.29-1.mga9
php-gettext-8.2.29-1.mga9
php-sysvsem-8.2.29-1.mga9
php-fpm-apache-8.2.29-1.mga9
php-fpm-nginx-8.2.29-1.mga9
php-ctype-8.2.29-1.mga9
php-cgi-8.2.29-1.mga9
phpdbg-8.2.29-1.mga9
php-cli-8.2.29-1.mga9
php-fpm-8.2.29-1.mga9
apache-mod_php-8.2.29-1.mga9
php-fileinfo-8.2.29-1.mga9
php-cli-debuginfo-8.2.29-1.mga9
apache-mod_php-debuginfo-8.2.29-1.mga9
phpdbg-debuginfo-8.2.29-1.mga9
php-cgi-debuginfo-8.2.29-1.mga9
php-fpm-debuginfo-8.2.29-1.mga9
php-debugsource-8.2.29-1.mga9
php-devel-8.2.29-1.mga9

SRPM:
php-8.2.29-1.mga9.src.rpm

CVE: (none) => CVE-2025-1735 CVE-2025-6491 CVE-2025-1220
Assignee: mageia => qa-bugs

katnatek 2025-07-03 20:47:42 CEST

Keywords: (none) => advisory

Comment 2 Herman Viaene 2025-07-04 15:29:58 CEST
MGA9-64 server Plasma Wayland on Compaq H000SB
No installation issues. But I always load the list in QARepo and then use MCC - Install or Remove Software, and that gives me: apache-mod_php cannot be selected
I guess this is caused by the other php in backports, so
# urpmi apache-mod_php
To satisfy dependencies, the following packages are going to be installed:
  Package                        Version      Release       Arch    
(medium "QA Testing (64-bit)")
  apache-mod_php                 8.2.29       1.mga9        x86_64  
  php-cgi                        8.2.29       1.mga9        x86_64  
  php-ini                        8.2.29       1.mga9        x86_64  
  php-openssl                    8.2.29       1.mga9        x86_64  
  php-session                    8.2.29       1.mga9        x86_64  
  php-sysvsem                    8.2.29       1.mga9        x86_64  
  php-sysvshm                    8.2.29       1.mga9        x86_64  
  php-zlib                       8.2.29       1.mga9        x86_64  
4.4KB of additional disk space will be used.
That went OK, and from there on I could use my usual procedure.
The loooooong list on Quick Links is useless, no way I can get to previous updates in this way.
Anyway, at CLI:
# systemctl start httpd
# systemctl start mysqld
Then I used phpmyadmin to create a new database with a table with serial PK, unique index and timestamp and inserted a few rows. All works OK.

CC: (none) => herman.viaene

Comment 3 katnatek 2025-07-05 01:12:25 CEST
RH x86_64

installing php-sysvsem-8.2.29-1.mga9.x86_64.rpm php-zlib-8.2.29-1.mga9.x86_64.rpm php-ini-8.2.29-1.mga9.x86_64.rpm php-openssl-8.2.29-1.mga9.x86_64.rpm php-fpm-apache-8.2.29-1.mga9.x86_64.rpm php-fpm-8.2.29-1.mga9.x86_64.rpm php-sysvshm-8.2.29-1.mga9.x86_64.rpm php-session-8.2.29-1.mga9.x86_64.rpm php-cli-8.2.29-1.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ##################################################################################################
      1/9: php-zlib              ##################################################################################################
      2/9: php-openssl           ##################################################################################################
      3/9: php-sysvshm           ##################################################################################################
      4/9: php-fpm-apache        ##################################################################################################
      5/9: php-fpm               ##################################################################################################
      6/9: php-session           ##################################################################################################
      7/9: php-ini               ##################################################################################################
      8/9: php-sysvsem           ##################################################################################################
      9/9: php-cli               ##################################################################################################
      1/9: removing php-cli-3:8.2.28-1.mga9.x86_64
                                 ##################################################################################################
      2/9: removing php-zlib-3:8.2.28-1.mga9.x86_64
                                 ##################################################################################################
      3/9: removing php-fpm-apache-3:8.2.28-1.mga9.x86_64
                                 ##################################################################################################
      4/9: removing php-session-3:8.2.28-1.mga9.x86_64
                                 ##################################################################################################
      5/9: removing php-fpm-3:8.2.28-1.mga9.x86_64
                                 ##################################################################################################
      6/9: removing php-ini-3:8.2.28-1.mga9.x86_64
                                 ##################################################################################################
      7/9: removing php-sysvsem-3:8.2.28-1.mga9.x86_64
                                 ##################################################################################################
      8/9: removing php-openssl-3:8.2.28-1.mga9.x86_64
                                 ##################################################################################################
      9/9: removing php-sysvshm-3:8.2.28-1.mga9.x86_64
                                 ##################################################################################################

systemctl restart php-fpm.service
systemctl status php-fpm.service 
● php-fpm.service - The PHP FastCGI Process Manager
     Loaded: loaded (/usr/lib/systemd/system/php-fpm.service; enabled; preset: disabled)
     Active: active (running) since Fri 2025-07-04 17:08:07 CST; 19s ago
   Main PID: 32477 (php-fpm)
     Status: "Processes active: 0, idle: 20, Requests: 0, slow: 0, Traffic: 0.00req/sec"
      Tasks: 21 (limit: 6876)
     Memory: 10.0M
        CPU: 53ms
     CGroup: /system.slice/php-fpm.service
             ├─32477 "php-fpm: master process (/etc/php-fpm.conf)"
             ├─32478 "php-fpm: pool www"
             ├─32479 "php-fpm: pool www"
             ├─32480 "php-fpm: pool www"
             ├─32481 "php-fpm: pool www"
             ├─32482 "php-fpm: pool www"
             ├─32483 "php-fpm: pool www"
             ├─32484 "php-fpm: pool www"
             ├─32485 "php-fpm: pool www"
             ├─32486 "php-fpm: pool www"
             ├─32487 "php-fpm: pool www"
             ├─32488 "php-fpm: pool www"
             ├─32489 "php-fpm: pool www"
             ├─32490 "php-fpm: pool www"
             ├─32491 "php-fpm: pool www"
             ├─32492 "php-fpm: pool www"
             ├─32493 "php-fpm: pool www"
             ├─32494 "php-fpm: pool www"
             ├─32495 "php-fpm: pool www"
             ├─32496 "php-fpm: pool www"
             └─32497 "php-fpm: pool www"

jul 04 17:08:07 jgrey.phoenix systemd[1]: Starting php-fpm.service...
jul 04 17:08:07 jgrey.phoenix systemd[1]: Started php-fpm.service.

php pages work
php script works

Whiteboard: (none) => MGA9-64-OK

Comment 4 Thomas Andrews 2025-07-05 14:07:31 CEST
Validating.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Comment 5 Mageia Robot 2025-07-06 01:49:21 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2025-0203.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED

