This update for php8 fixes the following issues:
Version update to 8.4.16:
Security fixes:
- CVE-2025-14177: getimagesize() function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710).
- CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711).
- CVE-2025-14180: null pointer dereference in pdo_parse_params() function when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled (bsc#1255712).
Other fixes:
- php8 contains directories owned by wwwrun but does not require the user (bsc#1255043).
Patch instructions:
To install this openSUSE security update, use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-198=1
- openSUSE Leap 16.0:
apache2-mod_php8-8.4.16-160000.1.1
php8-8.4.16-160000.1.1
php8-bcmath-8.4.16-160000.1.1
php8-bz2-8.4.16-160000.1.1
php8-calendar-8.4.16-160000.1.1
php8-cli-8.4.16-160000.1.1
php8-ctype-8.4.16-160000.1.1
php8-curl-8.4.16-160000.1.1
php8-dba-8.4.16-160000.1.1
php8-devel-8.4.16-160000.1.1
php8-dom-8.4.16-160000.1.1
php8-embed-8.4.16-160000.1.1
php8-enchant-8.4.16-160000.1.1
php8-exif-8.4.16-160000.1.1
php8-fastcgi-8.4.16-160000.1.1
php8-ffi-8.4.16-160000.1.1
php8-fileinfo-8.4.16-160000.1.1
php8-fpm-8.4.16-160000.1.1
php8-fpm-apache-8.4.16-160000.1.1
php8-ftp-8.4.16-160000.1.1
php8-gd-8.4.16-160000.1.1
php8-gettext-8.4.16-160000.1.1
php8-gmp-8.4.16-160000.1.1
php8-iconv-8.4.16-160000.1.1
php8-intl-8.4.16-160000.1.1
php8-ldap-8.4.16-160000.1.1
php8-mbstring-8.4.16-160000.1.1
php8-mysql-8.4.16-160000.1.1
php8-odbc-8.4.16-160000.1.1
php8-opcache-8.4.16-160000.1.1
php8-openssl-8.4.16-160000.1.1
php8-pcntl-8.4.16-160000.1.1
php8-pdo-8.4.16-160000.1.1
php8-pgsql-8.4.16-160000.1.1
php8-phar-8.4.16-160000.1.1
p...
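A check that the update actually landed, as an added example that is not part of the original advisory: the function reads "name version-release" lines and reports every php8 or apache2-mod_php8 package still older than the fixed 8.4.16-160000.1.1 from the list above. The function name php8_outdated is hypothetical, and GNU "sort -V" is assumed to approximate RPM version ordering for these version strings.

```shell
#!/bin/sh
# Fixed version-release for openSUSE Leap 16.0, taken from the advisory's package list.
FIXED="8.4.16-160000.1.1"

# php8_outdated (hypothetical helper name)
# Reads "name version-release" lines on stdin and prints each php8 or
# apache2-mod_php8 package whose version-release sorts below FIXED.
# Returns 0 when nothing is outdated, 1 otherwise.
# Assumption: GNU `sort -V` is used as a stand-in for RPM's own comparison,
# which is adequate for plain dotted version-release strings like these.
php8_outdated() {
    outdated=0
    while read -r name ver; do
        # Only consider packages shipped by this update.
        case "$name" in
            php8|php8-*|apache2-mod_php8) ;;
            *) continue ;;
        esac
        # Exactly the fixed build: nothing to report.
        [ "$ver" = "$FIXED" ] && continue
        # The lower of the two versions sorts first.
        lowest=$(printf '%s\n%s\n' "$ver" "$FIXED" | sort -V | head -n 1)
        if [ "$lowest" = "$ver" ]; then
            printf '%s %s\n' "$name" "$ver"
            outdated=1
        fi
    done
    return "$outdated"
}

# On a Leap 16.0 host, feed it the installed package set:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | php8_outdated
```

A non-zero exit status means at least one listed package still needs "zypper patch".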
* bsc#1255043
* bsc#1255710
* bsc#1255711
* bsc#1255712
References:
* https://www.suse.com/security/cve/CVE-2025-14177.html
* https://www.suse.com/security/cve/CVE-2025-14178.html
* https://www.suse.com/security/cve/CVE-2025-14180.html