This update for php8 fixes the following issues:
- CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL
injection (bsc#1264778).
- CVE-2026-6104: out-of-bounds read when processing an encoding name containing an embedded NULL byte in
`mb_convert_encoding()` can lead to information disclosure and denial of service (bsc#1264777).
- CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution (bsc#1264776).
- CVE-2026-6735: improper validation of the request URI within the PHP-FPM status page can lead to XSS (bsc#1264775).
- CVE-2026-7258: signed `char` values passed to `ctype` functions like `isxdigit` can lead to OOB access and denial of
service (bsc#1264774).
- CVE-2026-7259: NULL pointer dereference in `php_mb_check_encoding()` via `mb_ereg_search_init()` can lead to a denial
of service (bsc#1264773).
- CVE-2026-7261: use-after-free due to incorrectly handled persistence of handler...
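The signed `char` pitfall named in the CVE-2026-7258 item above, as an added example (not PHP's code or its patch): the C standard only defines the `<ctype.h>` functions for arguments representable as `unsigned char` or equal to `EOF`, so a byte such as 0xE9 held in a signed `char` must be cast before the call. The helper names `hex_value` and `hex_decode` and the sample bytes are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/*
 * Weak form (undefined behaviour where char is signed and c >= 0x80):
 *     if (isxdigit(c)) ...          // c is a plain char, may be negative
 * Hardened form: convert to unsigned char first, as below.
 */

/* Hypothetical helper: numeric value of one hex digit, or -1 if not hex. */
static int hex_value(char c)
{
    unsigned char uc = (unsigned char)c;   /* always 0..255, safe for <ctype.h> */
    if (!isxdigit(uc))
        return -1;
    if (isdigit(uc))
        return uc - '0';
    return tolower(uc) - 'a' + 10;
}

/* Hypothetical helper: decode in_len hex characters into out.
 * Returns the number of bytes written, or -1 on odd length,
 * insufficient output capacity, or any non-hex input byte. */
int hex_decode(const char *in, size_t in_len, unsigned char *out, size_t out_cap)
{
    if (in_len % 2 != 0 || in_len / 2 > out_cap)
        return -1;
    for (size_t i = 0; i < in_len; i += 2) {
        int hi = hex_value(in[i]);
        int lo = hex_value(in[i + 1]);
        if (hi < 0 || lo < 0)
            return -1;
        out[i / 2] = (unsigned char)((hi << 4) | lo);
    }
    return (int)(in_len / 2);
}

int main(void)
{
    /* Constructed input: '4' followed by byte 0xE9 (negative as signed char). */
    const char sample[] = { '4', (char)0xE9 };
    unsigned char out[1];
    printf("%d\n", hex_decode(sample, sizeof sample, out, sizeof out));
    return 0;
}
```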
- openSUSE Leap 16.0:
apache2-mod_php8-8.4.21-160000.1.1
php8-8.4.21-160000.1.1
php8-bcmath-8.4.21-160000.1.1
php8-bz2-8.4.21-160000.1.1
php8-calendar-8.4.21-160000.1.1
php8-cli-8.4.21-160000.1.1
php8-ctype-8.4.21-160000.1.1
php8-curl-8.4.21-160000.1.1
php8-dba-8.4.21-160000.1.1
php8-devel-8.4.21-160000.1.1
php8-dom-8.4.21-160000.1.1
php8-embed-8.4.21-160000.1.1
php8-enchant-8.4.21-160000.1.1
php8-exif-8.4.21-160000.1.1
php8-fastcgi-8.4.21-160000.1.1
php8-ffi-8.4.21-160000.1.1
php8-fileinfo-8.4.21-160000.1.1
php8-fpm-8.4.21-160000.1.1
php8-fpm-apache-8.4.21-160000.1.1
php8-ftp-8.4.21-160000.1.1
php8-gd-8.4.21-160000.1.1
php8-gettext-8.4.21-160000.1.1
php8-gmp-8.4.21-160000.1.1
php8-iconv-8.4.21-160000.1.1
php8-intl-8.4.21-160000.1.1
php8-ldap-8.4.21-160000.1.1
php8-mbstring-8.4.21-160000.1.1
php8-mysql-8.4.21-160000.1.1
php8-odbc-8.4.21-160000.1.1
php8-opcache-8.4.21-160000.1.1
php8-openssl-8.4.21-160000.1.1
php8-pcntl-8.4.21-160000.1.1
php8-pdo-8.4.21-160000.1.1
php8-pgsql-8.4.21-160000.1.1
php8-phar-8.4.21-160000.1.1
p...
* bsc#1264769
* bsc#1264770
* bsc#1264771
* bsc#1264772
* bsc#1264773
* bsc#1264774
* bsc#1264775
* bsc#1264776
* bsc#1264777
* bsc#1264778
References:
* https://www.suse.com/security/cve/CVE-2025-14179.html
* https://www.suse.com/security/cve/CVE-2026-6104.html
* https://www.suse.com/security/cve/CVE-2026-6722.html
* https://www.suse.com/security/cve/CVE-2026-6735.html
* https://www.suse.com/security/cve/CVE-2026-7258.html
* https://www.suse.com/security/cve/CVE-2026-7259.html
* https://www.suse.com/security/cve/CVE-2026-7261.html
* https://www.suse.com/security/cve/CVE-2026-7262.html
* https://www.suse.com/security/cve/CVE-2026-7263.html
* https://www.suse.com/security/cve/CVE-2026-7568.html