SB2025081523 - Anolis OS update for php

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper error handling (CVE-ID: CVE-2025-1735)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect handling of error messages and situations in pgsql extension. A remote attacker can pass specially crafted data to the application and perform a denial of service attack under certain circumstances. 

2) NULL pointer dereference (CVE-ID: CVE-2025-6491)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the PHP SOAP extension. A remote attacker can pass a large XML namespace prefix to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://anas.openanolis.cn/errata/detail/ANSA-2025:0509