Alerts This Week
Warning Icon 1 619
Alerts This Week
Warning Icon 1 619

Ubuntu 24.04 LTS, 25.04, 25.10: PHP Important Memory Issues USN-7953-1

Calendar Jan 12, 2026 User Avatar LinuxSecurity Advisories
2 - 3 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service php Ubuntu important information disclosure
Several security issues were fixed in PHP. 
==========================================================================
Ubuntu Security Notice USN-7953-1
January 12, 2026

php7.2, php7.4, php8.1, php8.3, php8.4 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in PHP.

Software Description:
- php8.4: HTML-embedded scripting language interpreter
- php8.3: HTML-embedded scripting language interpreter
- php8.1: HTML-embedded scripting language interpreter
- php7.4: HTML-embedded scripting language interpreter
- php7.2: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled memory while reading images
in multi-chunk mode. An attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 24.04 LTS, Ubuntu
25.04 and Ubuntu 25.10. (CVE-2025-14177)

It was discovered that PHP incorrectly handled memory when element count
exceeds 32-bit limit. An attacker could possibly use this issue to cause
a denial of service. (CVE-2025-14178)

It was discovered that PHP incorrectly handled memory when using the PDO
PostgreSQL driver. An attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 22.04 LTS, Ubuntu
24.04 LTS, Ubuntu 25.04 and Ubuntu 25.10. (CVE-2025-14180)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
  php8.4                          8.4.11-1ubuntu1.1

Ubuntu 25.04
  php8.4                          8.4.5-1ubuntu1.2

Ubuntu 24.04 LTS
  php8.3                          8.3.6-0ubuntu0.24.04.6

Ubuntu 22.04 LTS
  php8.1                          8.1.2-1ubuntu2.23

Ubuntu 20.04 LTS
  php7.4                          7.4.3-4ubuntu2.29+esm3
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  php7.2                          7.2.24-0ubuntu0.18.04.17+esm12
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7953-1
  CVE-2025-14177, CVE-2025-14178, CVE-2025-14180

Package Information:
  https://launchpad.net/ubuntu/+source/php8.4/8.4.11-1ubuntu1.1
  https://launchpad.net/ubuntu/+source/php8.4/8.4.5-1ubuntu1.2
  https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu0.24.04.6
  https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.23

Ubuntu 24.04 LTS, 25.04, 25.10: PHP Important Memory Issues USN-7953-1

ubuntu
Calendar Grey January 12, 2026
Dist Ubuntu Esm H88
Several critical security issues were addressed in multiple PHP versions impacting Ubuntu releases. Immediate updates advised.
Several security issues were fixed in PHP.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 25.04 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in PHP. Software Description: - php8.4: HTML-embedded scripting language interpreter - php8.3: HTML-embedded scripting language interpreter - php8.1: HTML-embedded scripting language interpreter - php7.4: HTML-embedded scripting language interpreter - php7.2: HTML-embedded scripting language interpreter Details: It was discovered that PHP incorrectly handled memory while reading images in multi-chunk mode. An attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 24.04 LTS, Ubuntu 25.04 and Ubuntu 25.10. (CVE-2025-14177) It was discovered that PHP incorrectly handled memory when element count exceeds 32-bit limit. An attacker could possibly use this issue to cause a denial of service. (CVE-2025-14178) It was ...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory denial of service php Ubuntu important information disclosure

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 php8.4 8.4.11-1ubuntu1.1 Ubuntu 25.04 php8.4 8.4.5-1ubuntu1.2 Ubuntu 24.04 LTS php8.3 8.3.6-0ubuntu0.24.04.6 Ubuntu 22.04 LTS php8.1 8.1.2-1ubuntu2.23 Ubuntu 20.04 LTS php7.4 7.4.3-4ubuntu2.29+esm3 Available with Ubuntu Pro Ubuntu 18.04 LTS php7.2 7.2.24-0ubuntu0.18.04.17+esm12 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7953-1

CVE-2025-14177, CVE-2025-14178, CVE-2025-14180

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7953-1

Topics%20covered

Topics Covered

security advisory denial of service php Ubuntu important information disclosure

Package Information

https://launchpad.net/ubuntu/+source/php8.4/8.4.11-1ubuntu1.1 https://launchpad.net/ubuntu/+source/php8.4/8.4.5-1ubuntu1.2 https://launchpad.net/ubuntu/+source/php8.3/8.3.6-0ubuntu0.24.04.6 https://launchpad.net/ubuntu/+source/php8.1/8.1.2-1ubuntu2.23

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here