ALSA-2026:1628 Important: php security update

🗓️ 02 Feb 2026 00:00:00Reported by GoogleType

osv🔗 osv.dev👁 3 Views

PHP update fixes heap overflow in array_merge, getimagesize exposure, and Denial of Service in PostgreSQL statements.

Reporter	Title	Published	Views	Family All 343
Tenable Nessus	Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2025-1352)	8 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-1353)	8 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-1354)	8 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-1355)	8 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php, --advisory ALAS2PHP8.1-2026-008 (ALASPHP8.1-2026-008)	22 Jan 202600:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php, --advisory ALAS2PHP8.2-2026-009 (ALASPHP8.2-2026-009)	22 Jan 202600:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0043: php:7.4 (ALINUX3-SA-2026:0043)	5 Mar 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : php:8.2 (ALSA-2026:1409)	2 Feb 202600:00	–	nessus
Tenable Nessus	AlmaLinux 8 : php:8.2 (ALSA-2026:1412)	2 Feb 202600:00	–	nessus
Tenable Nessus	AlmaLinux 9 : php:8.3 (ALSA-2026:1429)	30 Jan 202600:00	–	nessus

Source	Link
access	www.access.redhat.com/errata/RHSA-2026:1628
access	www.access.redhat.com/security/cve/CVE-2025-14177
access	www.access.redhat.com/security/cve/CVE-2025-14178
access	www.access.redhat.com/security/cve/CVE-2025-14180
bugzilla	www.bugzilla.redhat.com/2425625
bugzilla	www.bugzilla.redhat.com/2425626
bugzilla	www.bugzilla.redhat.com/2425627
errata	www.errata.almalinux.org/10/ALSA-2026-1628.html

04 Feb 2026 02:49Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.16.5 - 8.2

CVSS 48.2

EPSS0.00047

SSVC