SUSE-SU-2026:0086-1: moderate: Security update for php8
SLE-SECURITY-UPDATES
null at suse.de
Fri Jan 9 20:33:20 UTC 2026
# Security update for php8
Announcement ID: SUSE-SU-2026:0086-1
Release Date: 2026-01-09T15:01:56Z
Rating: moderate
References:
* bsc#1255710
* bsc#1255711
* bsc#1255712
Cross-References:
* CVE-2025-14177
* CVE-2025-14178
* CVE-2025-14180
CVSS scores:
* CVE-2025-14177 ( SUSE ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N
* CVE-2025-14177 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-14177 ( NVD ): 6.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
* CVE-2025-14177 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2025-14178 ( SUSE ): 8.3
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14178 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-14178 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2025-14180 ( SUSE ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-14180 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-14180 ( NVD ): 8.2
CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Affected Products:
* SUSE Linux Enterprise Server 15 SP7
* SUSE Linux Enterprise Server for SAP Applications 15 SP7
* Web and Scripting Module 15-SP7
An update that solves three vulnerabilities can now be installed.
## Description:
This update for php8 fixes the following issues:
Security fixes:
* CVE-2025-14177: getimagesize() function may leak uninitialized heap memory
into the APPn segments when reading images in multi-chunk mode
(bsc#1255710).
* CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total
element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE
(bsc#1255711).
* CVE-2025-14180: null pointer dereference in pdo_parse_params() function when
using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled
(bsc#1255712).
Other fixes:
Version 8.3.29 Core: Sync all boost.context files with release 1.86.0. Fixed bug
GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic
parameter). Fixed bug GH-20286 (use-after-destroy during userland
stream_close()). Bz2: Fix assertion failures resulting in crashes with stream
filter object parameters. Date: Fix crashes when trying to instantiate
uninstantiable classes via date static constructors. DOM: Fix missing NUL byte
check on C14NFile(). Fibers: Fixed bug GH-20483 (ASAN stack overflow with
fiber.stack_size INI small value). FTP: Fixed bug GH-20601 (ftp_connect overflow
on timeout). GD: Fixed bug GH-20511 (imagegammacorrect out of range input/output
values). Fixed bug GH-20602 (imagescale overflow with large height values).
Intl: Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message
suggests missing constants). LibXML: Fix some deprecations on newer libxml
versions regarding input buffer/parser handling. MbString: Fixed bug GH-20491
(SLES15 compile error with mbstring oniguruma). Fixed bug GH-20492 (mbstring
compile warning due to non-strings). MySQLnd: Fixed bug GH-20528 (Regression
breaks mysql connexion using an IPv6 address enclosed in square brackets).
Opcache: Fixed bug GH-20329 (opcache.file_cache broken with full interned string
buffer). PDO: Fixed GHSA-8xr5-qppj-gvwj (PDO quoting result null deref).
(CVE-2025-14180) Phar: Fixed bug GH-20442 (Phar does not respect case-
insensitiveness of __halt_compiler() when reading stub). Fix broken return value
of fflush() for phar file entries. Fix assertion failure when fseeking a phar
file out of bounds. PHPDBG: Fixed ZPP type violation in phpdbg_get_executable()
and phpdbg_end_oplog(). SPL: Fixed bug GH-20614 (SplFixedArray incorrectly
handles references in deserialization). Standard: Fix memory leak in
array_diff() with custom type checks. Fixed bug GH-20583 (Stack overflow in
http_build_query via deep structures). Fixed GHSA-www2-q4fc-65wf (Null byte
termination in dns_get_record()). Fixed GHSA-h96m-rvf9-jgm2 (Heap buffer
overflow in array_merge()). (CVE-2025-14178) Fixed GHSA-3237-qqm7-mfv7
(Information Leak of Memory in getimagesize). (CVE-2025-14177) Tidy: Fixed bug
GH-20374 (PHP with tidy and custom-tags). XML: Fixed bug GH-20439
(xml_set_default_handler() does not properly handle special characters in
attributes when passing data to callback). Zip: Fix crash in property existence
test. Don't truncate return value of zip_fread() with user sizes. Zlib: Fix
assertion failures resulting in crashes with stream filter object parameters.
Version 8.3.28 Core: Fixed bug GH-19934 (CGI with auto_globals_jit=0 causes
uouv). Fixed bug GH-20073 (Assertion failure in WeakMap offset operations on
reference). Fixed bug GH-19844 (Don't bail when closing resources on shutdown).
Fixed bug GH-20177 (Accessing overridden private property in get_object_vars()
triggers assertion error). Fixed bug GH-20183 (Stale EG(opline_before_exception)
pointer through eval). DOM: Partially fixed bug GH-16317 (DOM classes do not
allow __debugInfo() overrides to work). Exif: Fix possible memory leak when tag
is empty. FPM: Fixed bug GH-19974 (fpm_status_export_to_zval segfault for
parallel execution). FTP: Fixed bug GH-20240 (FTP with SSL: ftp_fput():
Connection timed out on successful writes). GD: Fixed bug GH-20070 (Return type
violation in imagefilter when an invalid filter is provided). Intl: Fix memory
leak on error in locale_filter_matches(). LibXML: Fix not thread safe
schema/relaxng calls. MySQLnd: Fixed bug GH-8978 (SSL certificate verification
fails (port doubled)). Fixed bug GH-20122 (getColumnMeta() for JSON-column in
MySQL). Opcache: Fixed bug GH-20081 (access to uninitialized vars in
preload_load()). Fixed bug GH-20121 (JIT broken in ZTS builds on MacOS 15).
PgSql: Fix memory leak when first string conversion fails. Fix segfaults when
attempting to fetch row into a non-instantiable class name. Phar: Fix memory
leak of argument in webPhar. Fix memory leak when setAlias() fails. Fix a bunch
of memory leaks in phar_parse_zipfile() error handling. Fix file
descriptor/memory leak when opening central fp fails. Fix memleak+UAF when
opening temp stream in buildFromDirectory() fails. Fix potential buffer length
truncation due to usage of type int instead of type size_t. Fix memory leak when
openssl polyfill returns garbage. Fix file descriptor leak in phar_zip_flush()
on failure. Fix memory leak when opening temp file fails while trying to open
gzip-compressed archive. Fixed bug GH-20302 (Freeing a phar alias may invalidate
PharFileInfo objects). Random: Fix Randomizer::__serialize() w.r.t. INDIRECTs.
SimpleXML: Partially fixed bug GH-16317 (SimpleXML does not allow __debugInfo()
overrides to work). Standard: Fix shm corruption with coercion in options of
unserialize(). Streams: Fixed bug GH-19798: XP_SOCKET XP_SSL (Socket stream
modules): Incorrect condition for Win32/Win64. Tidy: Fixed GH-19021 (improved
tidyOptGetCategory detection). Fix UAF in tidy when tidySetErrorBuffer() fails.
XMLReader: Fix arginfo/zpp violations when LIBXML_SCHEMAS_ENABLED is not
available. Windows: Fix GH-19722 ( _get_osfhandle asserts in debug mode when
given a socket). Zip: Fix memory leak when passing enc_method/enc_password is
passed as option for ZipArchive::addGlob()/addPattern() and with consecutive
calls. Version 8.3.27 Core: Fixed bug GH-19765 (object_properties_load()
bypasses readonly property checks). Fixed hard_timeout with --enable-zend-max-
execution-timers. Fixed bug GH-19792 (SCCP causes UAF for return value if both
warning and exception are triggered). Fixed bug GH-19653 (Closure named argument
unpacking between temporary closures can cause a crash). Fixed bug GH-19839
(Incorrect HASH_FLAG_HAS_EMPTY_IND flag on userland array). Fixed bug GH-19480
(error_log php.ini cannot be unset when open_basedir is configured). Fixed bug
GH-20002 (Broken build on *BSD with MSAN). CLI: Fix useless "Failed to poll
event" error logs due to EAGAIN in CLI server with PHP_CLI_SERVER_WORKERS. Curl:
Fix cloning of CURLOPT_POSTFIELDS when using the clone operator instead of the
curl_copy_handle() function to clone a CurlHandle. Fix curl build and test
failures with version 8.16. Date: Fixed GH-17159: "P" format for
::createFromFormat swallows string literals. DBA: Fixed GH-19885 (dba_fetch()
overflow on skip argument). GD: Fixed GH-19955 (imagefttext() memory leak).
MySQLnd: Fixed bug #67563 (mysqli compiled with mysqlnd does not take ipv6
adress as parameter). Phar: Fix memory leak and invalid continuation after tar
header writing fails. Fix memory leaks when creating temp file fails when
applying zip signature. SimpleXML: Fixed bug GH-19988 (zend_string_init with
NULL pointer in simplexml (UB)). Soap: Fixed bug GH-19784 (SoapServer memory
leak). Fixed bug GH-20011 (Array of SoapVar of unknown type causes crash).
Standard: Fixed bug GH-12265 (Cloning an object breaks serialization recursion).
Fixed bug GH-19701 (Serialize/deserialize loses some data). Fixed bug GH-19801
(leaks in var_dump() and debug_zval_dump()). Fixed bug GH-20043 (array_unique
assertion failure with RC1 array causing an exception on sort). Fixed bug
GH-19926 (reset internal pointer earlier while splicing array while COW
violation flag is still set). Fixed bug GH-19570 (unable to fseek in /dev/zero
and /dev/null). Streams: Fixed bug GH-19248 (Use strerror_r instead of strerror
in main). Fixed bug GH-17345 (Bug #35916 was not completely fixed). Fixed bug
GH-19705 (segmentation when attempting to flush on non seekable stream.
XMLReader: Fixed bug GH-20009 (XMLReader leak on RelaxNG schema failure). Zip:
Fixed bug GH-19688 (Remove pattern overflow in zip addGlob()). Fixed bug
GH-19932 (Memory leak in zip setEncryptionName()/setEncryptionIndex()). Zlib:
Fixed bug GH-19922 (Double free on gzopen). Version 8.3.26 Core: Fixed bug
GH-18850 (Repeated inclusion of file with __halt_compiler() triggers "Constant
already defined" warning). Partially fixed bug GH-19542 (Scanning of string
literals >=2GB will fail due to signed int overflow). Fixed bug GH-19544 (GC
treats ZEND_WEAKREF_TAG_MAP references as WeakMap references). Fixed bug
GH-19613 (Stale array iterator pointer). Fixed bug GH-19679
(zend_ssa_range_widening may fail to converge). Fixed bug GH-19681
(PHP_EXPAND_PATH broken with bash 5.3.0). Fixed bug GH-19720 (Assertion failure
when error handler throws when accessing a deprecated constant). CLI: Fixed bug
GH-19461 (Improve error message on listening error with IPv6 address). Date:
Fixed date_sunrise() and date_sunset() with partial-hour UTC offset. DOM: Fixed
bug GH-19612 (Mitigate libxml2 tree dictionary bug). FPM: Fixed failed debug
assertion when php_admin_value setting fails. GD: Fixed bug GH-19579
(imagefilledellipse underflow on width argument). Intl: Fixed bug GH-11952 (Fix
locale strings canonicalization for IntlDateFormatter and NumberFormatter).
OpenSSL: Fixed bug GH-19245 (Success error message on TLS stream accept
failure). PGSQL: Fixed bug GH-19485 (potential use after free when using
persistent pgsql connections). Phar: Fixed memory leaks when verifying OpenSSL
signature. Fix memory leak in phar tar temporary file error handling code. Fix
metadata leak when phar convert logic fails. Fix memory leak on failure in
phar_convert_to_other(). Fixed bug GH-19752 (Phar decompression with invalid
extension can cause UAF). Standard: Fixed bug GH-16649 (UAF during
array_splice). Fixed bug GH-19577 (Avoid integer overflow when using a small
offset and PHP_INT_MAX with LimitIterator). Streams: Remove incorrect call to
zval_ptr_dtor() in user_wrapper_metadata(). Fix OSS-Fuzz #385993744. Tidy: Fixed
GH-19021 build issue with libtidy in regard of tidyOptIsReadonly deprecation and
TidyInternalCategory being available later than tidyOptGetCategory. Zip: Fix
memory leak in zip when encountering empty glob result. Version 8.3.25 Core:
Fixed GH-19169 build issue with C++17 and ZEND_STATIC_ASSERT macro. Fixed bug
GH-18581 (Coerce numeric string keys from iterators when argument unpacking).
Fixed OSS-Fuzz #434346548 (Failed assertion with throwing __toString in binary
const expr). Fixed bug GH-19305 (Operands may be being released during
comparison). Fixed bug GH-19303 (Unpacking empty packed array into uninitialized
array causes assertion failure). Fixed bug GH-19306 (Generator can be resumed
while fetching next value from delegated Generator). Fixed bug GH-19326 (Calling
Generator::throw() on a running generator with a non-Generator delegate
crashes). Fixed bug GH-18736 (Circumvented type check with return by ref +
finally). Fixed zend call stack size for macOs/arm64. Fixed bug GH-19065 (Long
match statement can segfault compiler during recursive SSA renaming). Calendar:
Fixed bug GH-19371 (integer overflow in calendar.c). FTP: Fix theoretical issues
with hrtime() not being available. GD: Fix incorrect comparison with result of
php_stream_can_cast(). Hash: Fix crash on clone failure. Intl: Fixed GH-19261:
msgfmt_parse_message leaks on message creation failure. Fix return value on
failure for resourcebundle count handler. LDAP: Fixed bug GH-18529 (additional
inheriting of TLS int options). LibXML: Fixed bug GH-19098 (libxml<2.13
segmentation fault caused by php_libxml_node_free). MbString: Fixed bug GH-19397
(mb_list_encodings() can cause crashes on shutdown). Opcache: Reset global
pointers to prevent use-after-free in zend_jit_status(). OpenSSL: Fixed bug
GH-18986 (OpenSSL backend: incorrect RAND__file() return value check). Fix error
return check of EVP_CIPHER_CTX_ctrl(). Fixed bug GH-19428 (openssl_pkey_derive
segfaults for DH derive with low key_length param). PDO Pgsql: Fixed dangling
pointer access on _pdo_pgsql_trim_message helper. Readline: Fixed bug GH-19250
and bug #51360 (Invalid conftest for rl_pending_input). SOAP: Fixed bug GH-18640
(heap-use-after-free ext/soap/php_encoding.c:299:32 in soap_check_zval_ref).
Sockets: Fix some potential crashes on incorrect argument value. Standard: Fixed
OSS Fuzz #433303828 (Leak in failed unserialize() with opcache). Fix theoretical
issues with hrtime() not being available. Fixed bug GH-19300 (Nested
array_multisort invocation with error breaks). Windows: Free opened_path when
opened_path_len >= MAXPATHLEN. Version 8.3.24 Calendar: Fixed jewishtojd
overflow on year argument. Core: Fixed bug GH-18833 (Use after free with
weakmaps dependent on destruction order). Fix OSS-Fuzz #427814456. Fix OSS-Fuzz
#428983568 and #428760800. Fixed bug GH-17204 -Wuseless-escape warnings emitted
by re2c. Curl: Fix memory leaks when returning refcounted value from curl
callback. Remove incorrect string release. LDAP: Fixed GH-18902
ldap_exop/ldap_exop_sync assert triggered on empty request OID. MbString: Fixed
bug GH-18901 (integer overflow mb_split). OCI8: Fixed bug GH-18873
(OCI_RETURN_LOBS flag causes oci8 to leak memory). Opcache: Fixed bug GH-18639
(Internal class aliases can break preloading + JIT). Fixed bug GH-14082
(Segmentation fault on unknown address 0x600000000018 in
ext/opcache/jit/zend_jit.c). OpenSSL: Fixed bug #80770 (It is not possible to
get client peer certificate with stream_socket_server). PCNTL: Fixed bug
GH-18958 (Fatal error during shutdown after pcntl_rfork() or pcntl_forkx() with
zend-max-execution-timers). Phar: Fix stream double free in phar. Fix phar crash
and file corruption with SplFileObject. SOAP: Fixed bug GH-18990, bug #81029,
bug #47314 (SOAP HTTP socket not closing on object destruction). Fix memory leak
when URL parsing fails in redirect. SPL: Fixed bug GH-19094 (Attaching class
with no Iterator implementation to MultipleIterator causes crash). Standard: Fix
misleading errors in printf(). Fix RCN violations in array functions. Fixed
GH-18976 pack() overflow with h/H format and INT_MAX repeater value. Streams:
Fixed GH-13264 (fgets() and stream_get_line() do not return false on filter
fatal error). Zip: Fix leak when path is too long in ZipArchive::extractTo().
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* Web and Scripting Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2026-86=1
## Package List:
* Web and Scripting Module 15-SP7 (aarch64 ppc64le s390x x86_64)
* php8-phar-8.3.29-150700.3.9.1
* php8-ftp-8.3.29-150700.3.9.1
* php8-calendar-debuginfo-8.3.29-150700.3.9.1
* php8-opcache-8.3.29-150700.3.9.1
* php8-sockets-debuginfo-8.3.29-150700.3.9.1
* php8-xmlreader-debuginfo-8.3.29-150700.3.9.1
* php8-embed-debugsource-8.3.29-150700.3.9.1
* php8-ftp-debuginfo-8.3.29-150700.3.9.1
* php8-intl-debuginfo-8.3.29-150700.3.9.1
* php8-dom-debuginfo-8.3.29-150700.3.9.1
* php8-posix-debuginfo-8.3.29-150700.3.9.1
* php8-sockets-8.3.29-150700.3.9.1
* php8-calendar-8.3.29-150700.3.9.1
* apache2-mod_php8-debuginfo-8.3.29-150700.3.9.1
* php8-pcntl-8.3.29-150700.3.9.1
* php8-tokenizer-8.3.29-150700.3.9.1
* php8-shmop-8.3.29-150700.3.9.1
* php8-xmlwriter-debuginfo-8.3.29-150700.3.9.1
* php8-embed-8.3.29-150700.3.9.1
* php8-test-8.3.29-150700.3.9.1
* php8-exif-8.3.29-150700.3.9.1
* php8-sodium-8.3.29-150700.3.9.1
* php8-curl-8.3.29-150700.3.9.1
* php8-intl-8.3.29-150700.3.9.1
* php8-xmlwriter-8.3.29-150700.3.9.1
* php8-posix-8.3.29-150700.3.9.1
* php8-tidy-8.3.29-150700.3.9.1
* php8-exif-debuginfo-8.3.29-150700.3.9.1
* php8-openssl-debuginfo-8.3.29-150700.3.9.1
* php8-pgsql-8.3.29-150700.3.9.1
* php8-sysvsem-8.3.29-150700.3.9.1
* php8-sqlite-8.3.29-150700.3.9.1
* php8-sqlite-debuginfo-8.3.29-150700.3.9.1
* php8-fpm-debugsource-8.3.29-150700.3.9.1
* php8-sysvshm-debuginfo-8.3.29-150700.3.9.1
* php8-fastcgi-debugsource-8.3.29-150700.3.9.1
* php8-sysvmsg-8.3.29-150700.3.9.1
* php8-pdo-debuginfo-8.3.29-150700.3.9.1
* php8-debuginfo-8.3.29-150700.3.9.1
* php8-sysvmsg-debuginfo-8.3.29-150700.3.9.1
* php8-gettext-8.3.29-150700.3.9.1
* php8-ctype-8.3.29-150700.3.9.1
* php8-cli-8.3.29-150700.3.9.1
* php8-gd-8.3.29-150700.3.9.1
* php8-mbstring-debuginfo-8.3.29-150700.3.9.1
* php8-fastcgi-debuginfo-8.3.29-150700.3.9.1
* php8-gmp-debuginfo-8.3.29-150700.3.9.1
* php8-bz2-debuginfo-8.3.29-150700.3.9.1
* php8-readline-8.3.29-150700.3.9.1
* php8-ctype-debuginfo-8.3.29-150700.3.9.1
* php8-8.3.29-150700.3.9.1
* php8-embed-debuginfo-8.3.29-150700.3.9.1
* php8-pgsql-debuginfo-8.3.29-150700.3.9.1
* php8-phar-debuginfo-8.3.29-150700.3.9.1
* php8-bcmath-debuginfo-8.3.29-150700.3.9.1
* php8-snmp-debuginfo-8.3.29-150700.3.9.1
* php8-fileinfo-debuginfo-8.3.29-150700.3.9.1
* php8-bz2-8.3.29-150700.3.9.1
* php8-dom-8.3.29-150700.3.9.1
* php8-xsl-debuginfo-8.3.29-150700.3.9.1
* php8-xmlreader-8.3.29-150700.3.9.1
* php8-enchant-8.3.29-150700.3.9.1
* php8-curl-debuginfo-8.3.29-150700.3.9.1
* php8-fpm-debuginfo-8.3.29-150700.3.9.1
* php8-gd-debuginfo-8.3.29-150700.3.9.1
* php8-debugsource-8.3.29-150700.3.9.1
* php8-fileinfo-8.3.29-150700.3.9.1
* php8-odbc-debuginfo-8.3.29-150700.3.9.1
* php8-ldap-8.3.29-150700.3.9.1
* php8-devel-8.3.29-150700.3.9.1
* php8-zip-debuginfo-8.3.29-150700.3.9.1
* php8-fpm-8.3.29-150700.3.9.1
* php8-tokenizer-debuginfo-8.3.29-150700.3.9.1
* php8-soap-debuginfo-8.3.29-150700.3.9.1
* php8-zip-8.3.29-150700.3.9.1
* php8-gmp-8.3.29-150700.3.9.1
* php8-openssl-8.3.29-150700.3.9.1
* php8-sysvsem-debuginfo-8.3.29-150700.3.9.1
* php8-readline-debuginfo-8.3.29-150700.3.9.1
* php8-sysvshm-8.3.29-150700.3.9.1
* php8-cli-debuginfo-8.3.29-150700.3.9.1
* php8-gettext-debuginfo-8.3.29-150700.3.9.1
* php8-enchant-debuginfo-8.3.29-150700.3.9.1
* php8-iconv-8.3.29-150700.3.9.1
* php8-dba-8.3.29-150700.3.9.1
* php8-opcache-debuginfo-8.3.29-150700.3.9.1
* php8-odbc-8.3.29-150700.3.9.1
* php8-mysql-8.3.29-150700.3.9.1
* php8-pcntl-debuginfo-8.3.29-150700.3.9.1
* php8-snmp-8.3.29-150700.3.9.1
* php8-dba-debuginfo-8.3.29-150700.3.9.1
* apache2-mod_php8-debugsource-8.3.29-150700.3.9.1
* php8-sodium-debuginfo-8.3.29-150700.3.9.1
* php8-zlib-debuginfo-8.3.29-150700.3.9.1
* php8-mysql-debuginfo-8.3.29-150700.3.9.1
* php8-ldap-debuginfo-8.3.29-150700.3.9.1
* php8-zlib-8.3.29-150700.3.9.1
* php8-mbstring-8.3.29-150700.3.9.1
* php8-bcmath-8.3.29-150700.3.9.1
* apache2-mod_php8-8.3.29-150700.3.9.1
* php8-fastcgi-8.3.29-150700.3.9.1
* php8-shmop-debuginfo-8.3.29-150700.3.9.1
* php8-soap-8.3.29-150700.3.9.1
* php8-tidy-debuginfo-8.3.29-150700.3.9.1
* php8-xsl-8.3.29-150700.3.9.1
* php8-pdo-8.3.29-150700.3.9.1
* php8-iconv-debuginfo-8.3.29-150700.3.9.1
## References:
* https://www.suse.com/security/cve/CVE-2025-14177.html
* https://www.suse.com/security/cve/CVE-2025-14178.html
* https://www.suse.com/security/cve/CVE-2025-14180.html
* https://bugzilla.suse.com/show_bug.cgi?id=1255710
* https://bugzilla.suse.com/show_bug.cgi?id=1255711
* https://bugzilla.suse.com/show_bug.cgi?id=1255712
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20260109/66a0d989/attachment.htm>
More information about the sle-security-updates
mailing list