| Name: | php-gmp |
|---|---|
| Version: | 7.4.33 |
| Release: | 4.module+el8.10.0+90942+d80f51f3 |
| Architecture: | x86_64 |
| Module: | php:7.4:8100020260604072603:f7998665 |
| Group: | Unspecified |
| Size: | 74844 |
| License: | PHP |
| RPM: | php-gmp-7.4.33-4.module+el8.10.0+90942+d80f51f3.x86_64.rpm |
| Source RPM: | php-7.4.33-4.module+el8.10.0+90942+d80f51f3.src.rpm |
| Build Date: | Thu Jul 02 2026 |
| Build Host: | build-ol8-x86_64.oracle.com |
| Vendor: | Oracle America |
| URL: | http://www.php.net/ |
| Summary: | A module for PHP applications for using the GNU MP library |
| Description: | These functions allow you to work with arbitrary-length integers using the GNU MP library. |
- Fix XSS within status endpoint CVE-2026-6735 - Fix Stale SOAP_GLOBAL(ref_map) pointer with Apache Map CVE-2026-6722 - Fix Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION CVE-2026-7261 - Fix Broken Apache map value NULL check CVE-2026-7262 - Fix Signed integer overflow of char array offset CVE-2026-7568 - Fix Consistently pass unsigned char to ctype.h functions CVE-2026-7258
- Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface GHSA-4w77-75f9-2c8w - Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs CVE-2024-11234 - Fix Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 - Fix Leak partial content of the heap through heap buffer over-read CVE-2024-8929 - Fix libxml streams use wrong `content-type` header when requesting a redirected resource CVE-2025-1219 - Fix Stream HTTP wrapper header check might omit basic auth header CVE-2025-1736 - Fix Stream HTTP wrapper truncate redirect location to 1024 bytes CVE-2025-1861 - Fix Streams HTTP wrapper does not fail for headers without colon CVE-2025-1734 - Fix Header parser of `http` stream wrapper does not handle folded headers CVE-2025-1217 - Fix pgsql extension does not check for errors during escaping CVE-2025-1735 - Fix NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix CVE-2025-6491 - Fix Null byte termination in hostnames CVE-2025-1220 - Fix Null byte termination in dns_get_record() GHSA-www2-q4fc-65wf - Fix Heap buffer overflow in array_merge() CVE-2025-14178 - Fix Information Leak of Memory in getimagesize CVE-2025-14177
- fix low/moderate CVEs RHEL-66589 - Fix cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8927 - Fix Logs from childrens may be altered CVE-2024-9026 - Fix Erroneous parsing of multipart form data CVE-2024-8925 - Fix filter bypass in filter_var FILTER_VALIDATE_URL CVE-2024-5458 - Fix __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix CVE-2024-2756 - Fix password_verify can erroneously return true opening ATO risk CVE-2024-3096 - Fix Security issue with external entity loading in XML without enabling it CVE-2023-3823 - Fix Buffer mismanagement in phar_dir_read() CVE-2023-3824 - Fix Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP CVE-2023-3247 - fix #81744: Password_verify() always return true with some hash CVE-2023-0567 - fix #81746: 1-byte array overrun in common path resolve code CVE-2023-0568 - fix DOS vulnerability when parsing multipart request body CVE-2023-0662
- rebase to 7.4.33 - fix: due to an integer overflow PDO::quote() may return unquoted string CVE-2022-31631
- rebase to 7.4.30 #2099615
- fix password of excessive length triggers buffer overflow leading to RCE CVE-2022-31626
- fix SSRF bypass in FILTER_VALIDATE_URL CVE-2021-21705 - fix Local privilege escalation via PHP-FPM CVE-2021-21703
- rebase to 7.4.19 #1944110
- fix regression in 7.4.6 with generators and exception
- build phpdbg only once - fix regression in 7.4.6 when yielding an array based generator