UbuntuUpdates.org

Package "php8.1-cli"

Name: php8.1-cli

Description:

command-line interpreter for the PHP scripting language
Latest version: 8.1.2-1ubuntu2.23
Release: jammy (22.04)
Level: security
Repository: main
Head package: php8.1
Homepage: http://www.php.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "php8.1-cli"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "php8.1-cli" in Jammy

Repository Area Version
base main 8.1.2-1ubuntu2
updates main 8.1.2-1ubuntu2.23

Changelog

Version: 8.1.2-1ubuntu2.23 2026-01-12 09:07:43 UTC

  php8.1 (8.1.2-1ubuntu2.23) jammy-security; urgency=medium

  * SECURITY UPDATE: Heap buffer overflow in array_merge()
    - debian/patches/CVE-2025-14178.patch: check number of elements in
      ext/standard/array.c
    - CVE-2025-14178
  * SECURITY UPDATE: NULL pointer dereference in PDO quoting
    - debian/patches/CVE-2025-14180.patch: fix null pointer dereference in
      ext/pdo/pdo_sql_parser.re
    - CVE-2025-14180

 -- Nishit Majithia <email address hidden> Wed, 07 Jan 2026 14:07:41 +0530
Source diff to previous version
CVE-2025-14178 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs
CVE-2025-14180 In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL

Version: 8.1.2-1ubuntu2.22 2025-07-17 18:07:01 UTC

  php8.1 (8.1.2-1ubuntu2.22) jammy-security; urgency=medium

  * SECURITY UPDATE: Null byte termination in hostnames
    - debian/patches/CVE-2025-1220.patch: check hostnames in
      ext/standard/fsock.c,
      ext/standard/tests/network/ghsa-3cr5-j632-f35r.phpt,
      ext/standard/tests/streams/ghsa-3cr5-j632-f35r.phpt,
      main/streams/xp_socket.c.
    - CVE-2025-1220
  * SECURITY UPDATE: pgsql extension does not check for errors during
    escaping
    - debian/patches/CVE-2025-1735.patch: add error checks in
      ext/pdo_pgsql/pgsql_driver.c,
      ext/pdo_pgsql/tests/ghsa-hrwm-9436-5mv3.phpt,
      ext/pgsql/pgsql.c, ext/pgsql/tests/ghsa-hrwm-9436-5mv3.phpt.
    - CVE-2025-1735
  * SECURITY UPDATE: NULL Pointer Dereference in PHP SOAP Extension via
    Large XML Namespace Prefix
    - debian/patches/CVE-2025-6491.patch: handle large names in
      ext/soap/soap.c, ext/soap/tests/soap_qname_crash.phpt.
    - CVE-2025-6491

 -- Marc Deslauriers <email address hidden> Tue, 15 Jul 2025 08:11:22 -0400
Source diff to previous version
CVE-2025-1220 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 some functions like fsockopen() lack validation th
CVE-2025-1735 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* pgsql and pdo_pgsql escaping functions do not check if the under
CVE-2025-6491 In PHP versions:8.1.* before 8.1.33, 8.2.* before 8.2.29, 8.3.* before 8.3.23, 8.4.* before 8.4.10 when parsing XML data in SOAP extensions, overly l

Version: 8.1.2-1ubuntu2.21 2025-03-31 23:07:16 UTC

  php8.1 (8.1.2-1ubuntu2.21) jammy-security; urgency=medium

  * SECURITY UPDATE: Use after free
    - debian/patches/CVE-2024-11235.patch: fix incorrect live-range
      calculation in Zend/zend_opcode.c and add tests in
      Zend/tests/ghsa-rwp7-7vc6-8477_001.phpt,
      Zend/tests/ghsa-rwp7-7vc6-8477_002.phpt,
      Zend/tests/ghsa-rwp7-7vc6-8477_003.phpt.
    - CVE-2024-11235
  * SECURITY UPDATE: Incorrect MIME type
    - debian/patches/CVE-2025-1217.patch: adds HTTP header folding
      support for HTTP wrapper response headers in
      ext/standard/http_fopen_wrapper.c and add tests in
      ests/http/ghsa-v8xr-gpvj-cx9g-001.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-002.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-003.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-004.phpt,
      tests/http/ghsa-v8xr-gpvj-cx9g-005.phpt,
      tests/http/http_response_header_05.phpt.
    - CVE-2025-1217
  * SECURITY UPDATE: Wrong content-type requesting a redirected resource
    - debian/patches/CVE-2025-1219.patch: fix in ext/libxml/mime_sniff.c.
    - CVE-2025-1219
  * SECURITY UPDATE: Invalid header
    - debian/patches/CVE-2025-1734.patch: fix in ext/standard/http_fopen_wrapper.c
      and add tests in
      ext/standard/tests/http/bug47021.phpt,
      ext/standard/tests/http/bug75535.phpt,
      tests/http/ghsa-pcmh-g36c-qc44-001.phpt,
      tests/http/ghsa-pcmh-g36c-qc44-002.phpt.
    - CVE-2025-1734
  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2025-1736.patch: httu user header check
      of crlf in ext/standard/http_fopen_wrapper.c and add tests
      in tests/http/ghsa-hgf5-96fm-v528-001.phpt,
      tests/http/ghsa-hgf5-96fm-v528-002.phpt,
      tests/http/ghsa-hgf5-96fm-v528-003.phpt.
    - CVE-2025-1736
  * SECURITY UPDATE: Location truncation
    - debian/patches/CVE-2025-1861.patch: converts the
      allocation of location to be on heap instead of stack
      in ext/standard/http_fopen_wrapper.c and add tests in
      tests/http/ghsa-52jp-hrpf-2jff-001.phpt,
      tests/http/ghsa-52jp-hrpf-2jff-002.phpt.
    - CVE-2025-1861
  * debian/patches/0001-Fix-GH-16955-Use-empheral-ports-for-OpenSSL-server-c.patch
    added in order to fix all the tests added in the CVE above.

 -- Leonidas Da Silva Barbosa <email address hidden> Mon, 24 Mar 2025 16:04:23 -0300
Source diff to previous version
CVE-2025-1217 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when http request module parses HTTP re
CVE-2025-1219 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when requesting a HTTP resource using t
CVE-2025-1734 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when receiving headers from HTTP server
CVE-2025-1736 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, th
CVE-2025-1861 In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the respo

Version: 8.1.2-1ubuntu2.20 2024-12-12 23:06:59 UTC

  php8.1 (8.1.2-1ubuntu2.20) jammy-security; urgency=medium

  * SECURITY UPDATE: Buffer over read
    - debian/patches/CVE-2024-11233.patch: re arrange
      bound check code in ext/standard/filters.c,
      ext/standard/tests/filters/ghsa-r977-prxv-hc43.phpt.
    - CVE-2024-11233
  * SECURITY UPDATE: HTTP request smuggling
    - debian/patches/CVE-2024-11234.patch: avoiding
      fulluri CRLF injection in ext/standard/http_fopen_wrapper.c.
      .../tests/http/ghsa-c5f2-jwm7-mmq2.phpt.
    - CVE-2024-11234
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2024-11236-1.patch: adding an extralen check
      to avoid integer overflow in ext/pdo_dblib/dblib_driver.c,
      ext/pdo_dblib/tests/GHSA-5hqh-c84r-qjcv.phpt.
    - debian/patches/CVE-2024-11236-2.patch: change qcount to size_t in
      order to avoid integer overflow and adding checks in
      ext/pdo_firebird/firebird_driver.c.
    - CVE-2024-11236
  * SECURITY UPDATE: Heap buffer over-reads
    - debian/patches/CVE-2024-8929.patch: fix buffer over-reads in
      ext/mysqlnd/mysqlnd_ps_codec.c,
      ext/mysqlnd/mysqlnd_wireprotocol.c, and create some phpt tests.
    - CVE-2024-8929
  * SECURITY UPDATE: Integer overflow
    - debian/patches/CVE-2024-8932.patch: fix OOB in access in
      ldap_escape in ext/ldap/ldap.c,
      ext/ldap/tests/GHSA-g665-fm4p-vhff-1.phpt,
      ext/ldap/tests/GHSA-g665-fm4p-vhff-2.phpt.
    - CVE-2024-8932

 -- Leonidas Da Silva Barbosa <email address hidden> Tue, 03 Dec 2024 17:14:35 -0300
Source diff to previous version
CVE-2024-11233 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data
CVE-2024-11234 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option,
CVE-2024-11236 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit sy
CVE-2024-8929 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of
CVE-2024-8932 In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit sy

Version: 8.1.2-1ubuntu2.19 2024-10-01 15:06:58 UTC

  php8.1 (8.1.2-1ubuntu2.19) jammy-security; urgency=medium

  * SECURITY UPDATE: Erroneous parsing of multipart form data
    - debian/patches/CVE-2024-8925.patch: limit bounday size in
      main/rfc1867.c, tests/basic/*.
    - CVE-2024-8925
  * SECURITY UPDATE: cgi.force_redirect configuration can be bypassed due
    to environment variable collision
    - debian/patches/CVE-2024-8927.patch: check for REDIRECT_STATUS in
      sapi/cgi/cgi_main.c.
    - CVE-2024-8927
  * SECURITY UPDATE: Logs from childrens may be altered
    - debian/patches/CVE-2024-9026.patch: properly calculate size in
      sapi/fpm/fpm/fpm_stdio.c, sapi/fpm/tests/*.
    - CVE-2024-9026

 -- Marc Deslauriers <email address hidden> Mon, 30 Sep 2024 12:25:25 -0400
CVE-2024-8925 Erroneous parsing of multipart form data
CVE-2024-8927 cgi.force_redirect configuration is byppassible due to the environment variable collision
CVE-2024-9026 Logs from childrens may be altered


About   -   Send Feedback to @ubuntu_updates