OESA-2026-2420
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2420
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2026-2420.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2026-2420
- Upstream
- Published
- 2026-05-22T13:21:35Z
- Modified
- 2026-05-22T13:30:11.275618341Z
- Summary
- php security update
- Details
-
PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server.
Security Fix(es):
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the PDO Firebird driver improperly handles NUL bytes when preparing SQL queries. During token-by-token query construction, a string token containing a NUL byte is copied via strncat(), which stops at the NUL byte, dropping the closing quote and causing subsequent SQL tokens to be interpreted as part of the string. This allows SQL injection when attacker-controlled values are quoted via PDO::quote() and embedded in SQL statements.(CVE-2025-14179)
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to improper sanitation of user data, it allows an attacker to compose an URL, which will cause the target to execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing the PHP-FPM status page.(CVE-2026-6735)
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On the systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can lead to accessing array with negative offset, which can trigger a denial of service.(CVE-2026-7258)
In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when SoapServer is configured with SOAPPERSISTENCESESSION, the handler object is persisted across requests via session storage. However, in the case SOAP requests results in an error, the persistance is handled incorrectly, resulting in freeing the object while keeping a pointer to it, which may lead to use-after-free. This may lead to memory corruption, information disclosure, or process crashes, with confidentiality, integrity, and availability impact on the vulnerable system.(CVE-2026-7261)
- Database specific
{ "severity": "Critical" }- References
Affected packages
openEuler:20.03-LTS-SP4 / php
Package
- Name
- php
- Purl
- pkg:rpm/openEuler/php&distro=openEuler-20.03-LTS-SP4
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed8.0.30-13.oe2003sp4
Ecosystem specific
{
"x86_64": [
"php-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-bcmath-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-cli-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-common-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-dba-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-dbg-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-debuginfo-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-debugsource-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-devel-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-embedded-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-enchant-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-ffi-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-fpm-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-gd-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-gmp-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-intl-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-ldap-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-mbstring-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-mysqlnd-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-odbc-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-opcache-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-pdo-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-pgsql-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-process-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-snmp-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-soap-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-sodium-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-tidy-8.0.30-13.oe2003sp4.x86_64.rpm",
"php-xml-8.0.30-13.oe2003sp4.x86_64.rpm"
],
"aarch64": [
"php-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-bcmath-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-cli-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-common-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-dba-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-dbg-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-debuginfo-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-debugsource-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-devel-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-embedded-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-enchant-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-ffi-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-fpm-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-gd-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-gmp-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-intl-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-ldap-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-mbstring-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-mysqlnd-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-odbc-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-opcache-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-pdo-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-pgsql-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-process-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-snmp-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-soap-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-sodium-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-tidy-8.0.30-13.oe2003sp4.aarch64.rpm",
"php-xml-8.0.30-13.oe2003sp4.aarch64.rpm"
],
"noarch": [
"php-help-8.0.30-13.oe2003sp4.noarch.rpm"
],
"src": [
"php-8.0.30-13.oe2003sp4.src.rpm"
]
}