Home / mailings [USN-8513-1] PHP vulnerabilities
Posted on 06 July 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8513-1
July 06, 2026
php7.0 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 16.04 LTS
Summary:
PHP could be made to crash or run programs if it received
specially crafted network traffic.
Software Description:
- php7.0: HTML-embedded scripting language interpreter
Details:
It was discovered that PHP incorrectly handled SOAP object deduplication
when processing apache:Map nodes with duplicate keys. An attacker could
possibly use this to cause a use-after-free, resulting in remote code
execution. (CVE-2026-6722)
It was discovered that PHP incorrectly handled SOAP request persistence when
configured with SOAP_PERSISTENCE_SESSION. An attacker could possibly use this
to cause a use-after-free, resulting in memory corruption, information
disclosure, or a denial of service. (CVE-2026-7261)
It was discovered that the PDO Firebird driver in PHP improperly handled NUL
bytes when quoting SQL query strings. An attacker could possibly use this to
perform SQL injection when attacker-controlled values are embedded in SQL
statements. (CVE-2025-14179)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 16.04 LTS
php7.0-interbase 7.0.33-0ubuntu0.16.04.16+esm19
Available with Ubuntu Pro
php7.0-soap 7.0.33-0ubuntu0.16.04.16+esm19
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8513-1
CVE-2025-14179, CVE-2026-6722, CVE-2026-7261
--===============3909681297502050598==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
