Debian alert DLA-4447-1 (php7.4)
From: Guilhem Moulin <guilhem@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4447-1] php7.4 security update
Date: Sat, 24 Jan 2026 10:37:48 +0100
Message-ID: <aXSS7N9cb-nBKsrt@debian.org>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-4447-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                       Guilhem Moulin
January 24, 2026                              https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : php7.4
Version        : 7.4.33-1+deb11u10
CVE ID         : CVE-2025-14178
Debian Bug     : 1123574

Multiple security issues were found in PHP, a widely-used open source
general purpose scripting language, which could result in server side
request forgery or denial of service.

CVE-2025-14178

    Heap buffer overflow in array_merge().

GHSA-www2-q4fc-65wf

    dns_get_record() and other DNS functions do not check whether
    their arguments contain null bytes, which may lead to SSRF or
    unexpected behavior.

    While this has a (low) security impact, no CVE ID has been
    assigned for this vulnerability yet.

For Debian 11 bullseye, these problems have been fixed in version
7.4.33-1+deb11u10.

We recommend that you upgrade your php7.4 packages.

For the detailed security status of php7.4 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/php7.4

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

Attachment: signature.asc (type=application/pgp-signature)
