Ubuntu 24.04 LTS, 25.04, 25.10: PHP Important Memory Issues USN-7953-1

ubuntu

January 12, 2026

Several security issues were fixed in PHP.

Summary

Several security issues were fixed in PHP.

Software Description:

- php8.4: HTML-embedded scripting language interpreter

- php8.3: HTML-embedded scripting language interpreter

- php8.1: HTML-embedded scripting language interpreter

- php7.4: HTML-embedded scripting language interpreter

- php7.2: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled memory while reading images

in multi-chunk mode. An attacker could possibly use this issue to obtain

sensitive information. This issue only affected Ubuntu 24.04 LTS, Ubuntu

25.04 and Ubuntu 25.10. (CVE-2025-14177)

It was discovered that PHP incorrectly handled memory when element count

exceeds 32-bit limit. An attacker could possibly use this issue to cause

a denial of service. (CVE-2025-14178)

It was discovered that PHP incorrectly handled memory when using the PDO

PostgreSQL driver. An attacker could possibly use this issue to cause a

denial of service. This issue only affected Ubuntu ...

Read the Full Advisory

Topics Covered

security advisory denial of service php Ubuntu important information disclosure

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  php8.4                          8.4.11-1ubuntu1.1

Ubuntu 25.04
  php8.4                          8.4.5-1ubuntu1.2

Ubuntu 24.04 LTS
  php8.3                          8.3.6-0ubuntu0.24.04.6

Ubuntu 22.04 LTS
  php8.1                          8.1.2-1ubuntu2.23

Ubuntu 20.04 LTS
  php7.4                          7.4.3-4ubuntu2.29+esm3
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  php7.2                          7.2.24-0ubuntu0.18.04.17+esm12
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.