Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu PHP Critical Use-After-Free SQL Injection USN-8513-1

ubuntu
Calendar Grey July 6, 2026
Dist Ubuntu Esm H88
Critical vulnerabilities found in PHP could allow remote code execution or denial of service in Ubuntu 16.04 LTS. Update now!
PHP could be made to crash or run programs if it received specially crafted network traffic.

Summary

PHP could be made to crash or run programs if it received

specially crafted network traffic.

Software Description:

- php7.0: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled SOAP object deduplication

when processing apache:Map nodes with duplicate keys. An attacker could

possibly use this to cause a use-after-free, resulting in remote code

execution. (CVE-2026-6722)

It was discovered that PHP incorrectly handled SOAP request persistence when

configured with SOAP_PERSISTENCE_SESSION. An attacker could possibly use this

to cause a use-after-free, resulting in memory corruption, information

disclosure, or a denial of service. (CVE-2026-7261)

It was discovered that the PDO Firebird driver in PHP improperly handled NUL

bytes when quoting SQL query strings. An attacker could possibly use this to

perform SQL injection when attacker-controlled values are embedded in SQL

statements. (CVE-2025-14179)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
  php7.0-interbase                7.0.33-0ubuntu0.16.04.16+esm19
                                  Available with Ubuntu Pro
  php7.0-soap                     7.0.33-0ubuntu0.16.04.16+esm19
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-8513-1

CVE-2025-14179, CVE-2026-6722, CVE-2026-7261

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-8513-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here