Amazon Linux 2 Security Advisory: ALAS2PHP8.2-2025-008
Advisory Released Date: 2025-08-04
Advisory Updated Date: 2025-08-04
fsockopen() doesn't regard hostname as well, hostname is terminated at the null byte. This can cause Server Side Request Forgery in general case. (CVE-2025-1220)
Missing error checking could result in SQL injection and missing error handling could lead to crashes due to null pointer dereferences. (CVE-2025-1735)
If a SoapVar instance is created with a fully qualified name larger than 2G, this will cause a NULL pointer dereference resulting in a segmentation fault, leading to a denial of service. (CVE-2025-6491)
Affected Packages:
php
Note:
This advisory is applicable to Amazon Linux 2 - Php8.2 Extra. Visit this page to learn more about Amazon Linux 2 (AL2) Extras and this FAQ section for the difference between AL2 Core and AL2 Extras advisories.
Issue Correction:
Run yum update php or yum update --advisory ALAS2PHP8.2-2025-008 to update your system.
aarch64:
php-8.2.29-1.amzn2.0.1.aarch64
php-cli-8.2.29-1.amzn2.0.1.aarch64
php-dbg-8.2.29-1.amzn2.0.1.aarch64
php-fpm-8.2.29-1.amzn2.0.1.aarch64
php-common-8.2.29-1.amzn2.0.1.aarch64
php-devel-8.2.29-1.amzn2.0.1.aarch64
php-opcache-8.2.29-1.amzn2.0.1.aarch64
php-ldap-8.2.29-1.amzn2.0.1.aarch64
php-pdo-8.2.29-1.amzn2.0.1.aarch64
php-mysqlnd-8.2.29-1.amzn2.0.1.aarch64
php-pgsql-8.2.29-1.amzn2.0.1.aarch64
php-process-8.2.29-1.amzn2.0.1.aarch64
php-odbc-8.2.29-1.amzn2.0.1.aarch64
php-soap-8.2.29-1.amzn2.0.1.aarch64
php-snmp-8.2.29-1.amzn2.0.1.aarch64
php-xml-8.2.29-1.amzn2.0.1.aarch64
php-mbstring-8.2.29-1.amzn2.0.1.aarch64
php-gd-8.2.29-1.amzn2.0.1.aarch64
php-bcmath-8.2.29-1.amzn2.0.1.aarch64
php-gmp-8.2.29-1.amzn2.0.1.aarch64
php-dba-8.2.29-1.amzn2.0.1.aarch64
php-embedded-8.2.29-1.amzn2.0.1.aarch64
php-pspell-8.2.29-1.amzn2.0.1.aarch64
php-intl-8.2.29-1.amzn2.0.1.aarch64
php-enchant-8.2.29-1.amzn2.0.1.aarch64
php-sodium-8.2.29-1.amzn2.0.1.aarch64
php-debuginfo-8.2.29-1.amzn2.0.1.aarch64
src:
php-8.2.29-1.amzn2.0.1.src
x86_64:
php-8.2.29-1.amzn2.0.1.x86_64
php-cli-8.2.29-1.amzn2.0.1.x86_64
php-dbg-8.2.29-1.amzn2.0.1.x86_64
php-fpm-8.2.29-1.amzn2.0.1.x86_64
php-common-8.2.29-1.amzn2.0.1.x86_64
php-devel-8.2.29-1.amzn2.0.1.x86_64
php-opcache-8.2.29-1.amzn2.0.1.x86_64
php-ldap-8.2.29-1.amzn2.0.1.x86_64
php-pdo-8.2.29-1.amzn2.0.1.x86_64
php-mysqlnd-8.2.29-1.amzn2.0.1.x86_64
php-pgsql-8.2.29-1.amzn2.0.1.x86_64
php-process-8.2.29-1.amzn2.0.1.x86_64
php-odbc-8.2.29-1.amzn2.0.1.x86_64
php-soap-8.2.29-1.amzn2.0.1.x86_64
php-snmp-8.2.29-1.amzn2.0.1.x86_64
php-xml-8.2.29-1.amzn2.0.1.x86_64
php-mbstring-8.2.29-1.amzn2.0.1.x86_64
php-gd-8.2.29-1.amzn2.0.1.x86_64
php-bcmath-8.2.29-1.amzn2.0.1.x86_64
php-gmp-8.2.29-1.amzn2.0.1.x86_64
php-dba-8.2.29-1.amzn2.0.1.x86_64
php-embedded-8.2.29-1.amzn2.0.1.x86_64
php-pspell-8.2.29-1.amzn2.0.1.x86_64
php-intl-8.2.29-1.amzn2.0.1.x86_64
php-enchant-8.2.29-1.amzn2.0.1.x86_64
php-sodium-8.2.29-1.amzn2.0.1.x86_64
php-debuginfo-8.2.29-1.amzn2.0.1.x86_64