Alerts This Week
Warning Icon 1 758
Alerts This Week
Warning Icon 1 758

Ubuntu 20.04: PHP Security Advisory 7648-3 CVE-2025-1735 DoS Issue

ubuntu
Calendar Grey September 4, 2025
Dist Ubuntu Esm H88
The latest update from Ubuntu addresses a bug affecting PHP versions 7.0, 7.2, and 7.4, reinforcing service reliability.
USN-7648-2 introduced a regression in PHP

Summary

USN-7648-2 introduced a regression in PHP

Software Description:

- php7.4: HTML-embedded scripting language interpreter

- php7.2: HTML-embedded scripting language interpreter

- php7.0: HTML-embedded scripting language interpreter

Details:

USN-7648-2 fixed vulnerabilities in PHP. The patch for CVE-2025-1735

caused a regression in php7.0, php7.2 and php7.4. This update fixes

the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that PHP incorrectly handled certain hostnames containing

null characters. A remote attacker could possibly use this issue to bypass

certain hostname validation checks. (CVE-2025-1220)

It was discovered that PHP incorrectly handled the pgsql and pdo_pgsql

escaping functions. A remote attacker could possibly use this issue to

cause PHP to crash, resulting in a denial of service. (CVE-2025-1735)

It was discovered that PHP incorrectly handled parsing certain XML data in

SOAP extensions. A remote attacker coul...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS
  php7.4                          7.4.3-4ubuntu2.29+esm2
                                  Available with Ubuntu Pro
  php7.4-cgi                      7.4.3-4ubuntu2.29+esm2
                                  Available with Ubuntu Pro
  php7.4-cli                      7.4.3-4ubuntu2.29+esm2
                                  Available with Ubuntu Pro
  php7.4-common                   7.4.3-4ubuntu2.29+esm2
                                  Available with Ubuntu Pro
  php7.4-fpm                      7.4.3-4ubuntu2.29+esm2
                                  Available with Ubuntu Pro
  php7.4-pgsql                    7.4.3-4ubuntu2.29+esm2
                                  Available with Ubuntu Pro

Ubuntu 18.04 LTS
  php7.2                          7.2.24-0ubuntu0.18.04.17+esm11
                                  Available with Ubuntu Pro
  php7.2-cgi                      7.2.24-0ubuntu0.18.04.17+esm11
                                  Available with Ubuntu Pro
  php7.2-cli                      7.2.24-0ubuntu0.18.04.17+esm11
                                  Available with Ubuntu Pro
  php7.2-fpm                      7.2.24-0ubuntu0.18.04.17+esm11
                                  Available with Ubuntu Pro
  php7.2-pgsql                    7.2.24-0ubuntu0.18.04.17+esm11
                                  Available with Ubuntu Pro

Ubuntu 16.04 LTS
  php7.0                          7.0.33-0ubuntu0.16.04.16+esm18
                                  Available with Ubuntu Pro
  php7.0-cgi                      7.0.33-0ubuntu0.16.04.16+esm18
                                  Available with Ubuntu Pro
  php7.0-cli                      7.0.33-0ubuntu0.16.04.16+esm18
                                  Available with Ubuntu Pro
  php7.0-common                   7.0.33-0ubuntu0.16.04.16+esm18
                                  Available with Ubuntu Pro
  php7.0-fpm                      7.0.33-0ubuntu0.16.04.16+esm18
                                  Available with Ubuntu Pro
  php7.0-pgsql                    7.0.33-0ubuntu0.16.04.16+esm18
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7648-3

https://ubuntu.com/security/notices/USN-7648-2

https://ubuntu.com/security/notices/USN-7648-1

CVE-2025-1735, https://bugs.launchpad.net/ubuntu/+source/php7.4/+bug/2121643

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7648-3

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here