Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005838)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005838 advisory. In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functio...

RLSA-2026:2470 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

Moderate: Red Hat Security Advisory: php:7.4 security update

An update for the php:7.4 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

ALSA-2026:2470 Moderate: php:7.4 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-8929 php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11233 php: Configuring ...

AlmaLinux 9 : php:8.2 (ALSA-2026:1409)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2026:1409 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...

AlmaLinux 9 : php:8.3 (ALSA-2025:23309)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:23309 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...

RLSA-2025:23309 Moderate: php:8.3 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix CVE-2025-6491 php: PHP Hostname Nul...

RockyLinux 9 : php:8.3 (RLSA-2025:23309)

The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:23309 advisory. php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace...

RHEL 9 : php:8.3 (RHSA-2025:23309)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:23309 advisory. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: pgsql extension does not check f...

Moderate: php:8.3 security update

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix CVE-2025-6491 php: PHP Hostname Nul...

USN-7648-3: PHP regression

USN-7648-2 fixed vulnerabilities in PHP. The patch for CVE-2025-1735 caused a regression in php7.0, php7.2 and php7.4. This update fixes the problem. We apologize for the inconvenience. Original advisory details: It was discovered that PHP incorrectly handled certain hostnames containing null...

CLSA-2025-1753963973 php: Fix of CVE-2025-1735

CVE-2025-1735: add error checking for pgsql extension escape functions, mainly to fix possible issues with multi-byte encoding of Postgres databases...

SUSE-SU-2025:02474-1 Security update for php8

This update for php8 fixes the following issues: Version update to 8.2.29: - CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 - CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 - CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP...

Security update for php8

This update for php8 fixes the following issues: Version update to 8.3.23: CVE-2025-1220: Fixed null byte termination in hostnames bsc1246167 CVE-2025-1735: Fixed pgsql extension does not check for errors during escaping bsc1246146 CVE-2025-6491: Fixed NULL Pointer Dereference in PHP SOAP Extensi...

USN-7648-1 php8.1, php8.3, php8.4 vulnerabilities

It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker could possibly use this issue to bypass certain hostname validation checks. CVE-2025-1220 It was discovered that PHP incorrectly handled the pgsql and pdopgsql escaping functions. A remo...

SUSE CVE-2025-1735

In PHP versions:8.1. before 8.1.33, 8.2. before 8.2.29, 8.3. before 8.3.23, 8.4. pgsql and pdopgsql escaping functions do not check if the underlying quoting functions returned errors. This could cause crashes if Postgres server rejects the string as invalid...