It was discovered that PHP incorrectly handled SOAP object deduplication when processing apache:Map nodes with duplicate keys. An attacker could possibly use this to cause a use-after-free, resulting in remote code execution. (CVE-2026-6722)
It was discovered that PHP incorrectly handled SOAP request persistence when configured with SOAPPERSISTENCESESSION. An attacker could possibly use this to cause a use-after-free, resulting in memory corruption, information disclosure, or a denial of service. (CVE-2026-7261)
It was discovered that the PDO Firebird driver in PHP improperly handled NUL bytes when quoting SQL query strings. An attacker could possibly use this to perform SQL injection when attacker-controlled values are embedded in SQL statements. (CVE-2025-14179)
{
"availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "libapache2-mod-php7.0",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "libphp7.0-embed",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-bcmath",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-bz2",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-cgi",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-cli",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-common",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-curl",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-dba",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-enchant",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-fpm",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-gd",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-gmp",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-imap",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-interbase",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-intl",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-json",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-ldap",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-mbstring",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-mcrypt",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-mysql",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-odbc",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-opcache",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-pgsql",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-phpdbg",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-pspell",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-readline",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-recode",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-snmp",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-soap",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-sqlite3",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-sybase",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-tidy",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-xml",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-xmlrpc",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-xsl",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
},
{
"binary_name": "php7.0-zip",
"binary_version": "7.0.33-0ubuntu0.16.04.16+esm19"
}
]
}
{
"cves": [
{
"id": "CVE-2025-14179",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-6722",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/AU:Y/RE:M/U:Red",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2026-7261",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:P/AU:Y/RE:M/U:Amber",
"type": "CVSS_V4"
},
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-8513-1.json"