Home / mailingsPDF  

[USN-8513-1] PHP vulnerabilities

Posted on 06 July 2026
Ubuntu Security

==========================================================================Ubuntu Security Notice USN-8513-1
July 06, 2026

php7.0 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 16.04 LTS

Summary:

PHP could be made to crash or run programs if it received
specially crafted network traffic.

Software Description:
- php7.0: HTML-embedded scripting language interpreter

Details:

It was discovered that PHP incorrectly handled SOAP object deduplication
when processing apache:Map nodes with duplicate keys. An attacker could
possibly use this to cause a use-after-free, resulting in remote code
execution. (CVE-2026-6722)

It was discovered that PHP incorrectly handled SOAP request persistence when
configured with SOAP_PERSISTENCE_SESSION. An attacker could possibly use this
to cause a use-after-free, resulting in memory corruption, information
disclosure, or a denial of service. (CVE-2026-7261)

It was discovered that the PDO Firebird driver in PHP improperly handled NUL
bytes when quoting SQL query strings. An attacker could possibly use this to
perform SQL injection when attacker-controlled values are embedded in SQL
statements. (CVE-2025-14179)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 16.04 LTS
php7.0-interbase 7.0.33-0ubuntu0.16.04.16+esm19
Available with Ubuntu Pro
php7.0-soap 7.0.33-0ubuntu0.16.04.16+esm19
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8513-1
CVE-2025-14179, CVE-2026-6722, CVE-2026-7261

--===============3909681297502050598==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

 

TOP