| Source | Link |
|---|---|
| bodhi | www.bodhi.fedoraproject.org/updates/FEDORA-2026-ec9cb4652f |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2026-ec9cb4652f
#
include('compat.inc');
if (description)
{
script_id(326098);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/10");
script_xref(name:"FEDORA", value:"2026-ec9cb4652f");
script_name(english:"Fedora 44 : php (2026-ec9cb4652f)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 44 host has a package installed that is affected by a vulnerability as referenced in the
FEDORA-2026-ec9cb4652f advisory.
**PHP version 8.5.8** (02 Jul 2026)
**Core:**
* Fixed bug [GH-22280](https://github.com/php/php-src/issues/22280) (Incorrect compile error for goto to
label preceding try/finally block). (Pratik Bhujel)
* Fixed bug [GH-22112](https://github.com/php/php-src/issues/22112) (Assertion when error handler throws
during NaN to bool/string coercion). (iliaal)
**BCMath:**
* Fixed issues with oversized allocations and signed overflow in bcround() and BcMath\Number::round().
(edorian)
**Date:**
* Fix incorrect recurrence check of DatePeriod::createFromISO8601String(). (ndossche)
**Exif:**
* Read correct value for single and double tags. (ndossche)
**GD:**
* Fixed bug [GH-22121](https://github.com/php/php-src/issues/22121) (Double free in gdImageSetStyle()
after overflow-triggered early return). (iliaal)
**Intl:**
* Fix incorrect argument positions for invalid start/end arguments in transliterator_transliterate().
(Weilin Du)
* Fixed IntlTimeZone::getDisplayName() to synchronize object error state for invalid display types.
(Weilin Du)
**Lexbor:**
* Merge patch c3a6847. (ilutov, timwolla)
**Opcache:**
* Fixed bug [GH-22265](https://github.com/php/php-src/issues/22265) (Another tailcall vm_interrupt bug).
(Levi Morrison)
* Fixed bug [GH-20469](https://github.com/php/php-src/issues/20469) (Unsafe inheritance cache replay with
reentrant autoloading). (Levi Morrison)
* Fixed bug [GH-21972](https://github.com/php/php-src/issues/21972) (Corrupted variable type when a typed
by-value return contains a reference wrapper). (Weilin Du)
**OpenSSL:**
* Fixed bug [GH-22187](https://github.com/php/php-src/issues/22187) (Memory corruption (zend_mm_heap
corrupted) in openssl_encrypt with AES-WRAP-PAD). (David Carlier)
**Phar:**
* Fixed a bypass of the magic .phar directory protection in Phar::addEmptyDir() for paths starting with
/.phar, while allowing non-magic directory names that merely share the .phar prefix. (Weilin Du)
**Reflection:**
* Preserve class-name case in ReflectionClass::getProperty() error messages and autoloading. (jorgsowa)
**SOAP:**
* Fixed bug [GH-22218](https://github.com/php/php-src/issues/22218) (SoapServer::handle() crash on
$_SERVER not being an array). (David Carlier / Rex-Reynolds)
* Fixed bug [GH-22285](https://github.com/php/php-src/issues/22285) (Soap server requires the raw input to
be passed to $server->handle). (David Carlier / ndossche)
**Sqlite:**
* Fix error checks for column retrieval. (ndossche)
**URI:**
* Add LEXBOR_STATIC to CFLAGS_URI on Windows so ext/uri does not see LXB_API as __declspec(dllimport) when
linked statically into PHP. (Luther Monson)
* Clean error logs before each Uri\WhatWg\Url wither call so that errors from previous wither calls are
not returned the next time a UrlValidationError is thrown. (kocsismate)
**Zlib:**
* Fixed memory leak if deflate initialization fails and there is a dict. (ndossche)
* Fixed memory leak in inflate_add(). (ndossche)
Tenable has extracted the preceding description block directly from the Fedora security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2026-ec9cb4652f");
script_set_attribute(attribute:"solution", value:
"Update the affected php package.");
script_set_attribute(attribute:"risk_factor", value:"High");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/07/01");
script_set_attribute(attribute:"patch_publication_date", value:"2026/07/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:44");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:php");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Fedora' >!< os_product) audit(AUDIT_OS_NOT, 'Fedora');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
if (! preg(pattern:"^44([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Fedora 44', 'Fedora ' + os_version);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
var constraints = [
{
'release': '44',
'pkgs': [
{'reference':'php-8.5.8-1.fc44', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation