
Severe Remote Code Execution Vulnerability in SUSE Linux 16.0 php8 Update

suse
May 15, 2026
Critical security update for SUSE php8 addressing 10 vulnerabilities, ensuring system stability and safety.
An update that solves 10 vulnerabilities can now be installed.

Summary

## This update for php8 fixes the following issues

* CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL injection (bsc#1264778).
* CVE-2026-6104: out-of-bounds read when processing an encoding name containing an embedded NULL byte in `mb_convert_encoding()` can lead to information disclosure and denial of service (bsc#1264777).
* CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution (bsc#1264776).
* CVE-2026-6735: improper validation of the request URI within the PHP-FPM status page can lead to XSS (bsc#1264775).
* CVE-2026-7258: signed `char` values passed to `ctype` functions like `isxdigit` can lead to OOB access and denial of service (bsc#1264774).
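The bug class behind CVE-2026-7258, as an added example (not code from PHP or from this advisory): a byte of 0x80 or above held in a signed `char` promotes to a negative `int`, which is outside the range `<ctype.h>` functions accept, and converting to `unsigned char` first is the standard fix. The function names and sample inputs are constructed for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Value a ctype function receives when a byte sits in a signed char and is
 * passed without a cast: bytes >= 0x80 promote to a negative int. */
static int promoted_unsafely(unsigned char byte)
{
    signed char c = (signed char)byte; /* plain char is signed on x86-64 Linux */
    return (int)c;                     /* 0xE9 -> -23, outside ctype's domain */
}

/* Hardened form: convert to unsigned char so the argument is always in
 * 0..UCHAR_MAX, as <ctype.h> requires. */
static int is_hex_byte(char c)
{
    return isxdigit((unsigned char)c) != 0;
}

/* Only called on bytes already accepted by is_hex_byte(). */
static int hex_val(char c)
{
    if (c >= '0' && c <= '9')
        return c - '0';
    return tolower((unsigned char)c) - 'a' + 10;
}

/* Decode in[0..in_len) as hex. Returns bytes written, or -1 on odd length,
 * non-hex input (including bytes >= 0x80), or too small an output buffer. */
static long hex_decode(const char *in, size_t in_len,
                       unsigned char *out, size_t out_cap)
{
    if (in_len % 2 != 0 || in_len / 2 > out_cap)
        return -1;
    for (size_t i = 0; i < in_len; i += 2) {
        if (!is_hex_byte(in[i]) || !is_hex_byte(in[i + 1]))
            return -1;
        out[i / 2] = (unsigned char)((hex_val(in[i]) << 4) | hex_val(in[i + 1]));
    }
    return (long)(in_len / 2);
}

int main(void)
{
    const char bad[] = { 'a', (char)0xE9 }; /* constructed input */
    unsigned char out[4];
    printf("0xE9 as signed char promotes to %d\n", promoted_unsafely(0xE9));
    printf("decode of bad input: %ld\n", hex_decode(bad, sizeof bad, out, sizeof out));
    return 0;
}
```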

References

* bsc#1264769

* bsc#1264770

* bsc#1264771

* bsc#1264772

* bsc#1264773

* bsc#1264774

* bsc#1264775

* bsc#1264776

* bsc#1264777

* bsc#1264778

Cross-References

* CVE-2025-14179

* CVE-2026-6104

* CVE-2026-6722

* CVE-2026-6735

* CVE-2026-7258

* CVE-2026-7259

* CVE-2026-7261

* CVE-2026-7262

* CVE-2026-7263

* CVE-2026-7568

CVSS scores:

* CVE-2025-14179 (SUSE): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2025-14179 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-14179 (NVD): 7.4 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:M/U:Amber

Severity: critical

Announcement ID: SUSE-SU-2026:21612-1
Release Date: 2026-05-13T07:57:49Z
Rating: critical
