Awaiting Analysis: kusanagi-php83 Security Update

Synopsis

Issued 2025-03-18
Severity Awaiting Analysis
Updated Packages kusanagi-php83
Affected Products KUSANAGI 9, Business Edition, Page Speed Technology, Security Edition

Description

An update for kusanagi-php83 is now available.

Security fix(es):

  • Fixed GHSA-rwp7-7vc6-8477 (Reference counting in php_request_shutdown causes Use-After-Free). (CVE-2024-11235)
  • Fixed GHSA-p3x9-6h7p-cgfc (libxml streams use wrong `content-type` header when requesting a redirected resource). (CVE-2025-1219)
  • Fixed GHSA-hgf5-96fm-v528 (Stream HTTP wrapper header check might omit basic auth header). (CVE-2025-1736)
  • Fixed GHSA-52jp-hrpf-2jff (Stream HTTP wrapper truncate redirect location to 1024 bytes). (CVE-2025-1861)
  • Fixed GHSA-pcmh-g36c-qc44 (Streams HTTP wrapper does not fail for headers without colon). (CVE-2025-1734)
  • Fixed GHSA-v8xr-gpvj-cx9g (Header parser of `http` stream wrapper does not handle folded headers). (CVE-2025-1217)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE information may not yet be available on those websites.

References

Updated packages listed below

This product uses the NVD API but is not endorsed or certified by the NVD.