[El-errata] ELSA-2026-2470 Moderate: Oracle Linux 8 php:7.4 security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Feb 13 02:34:51 UTC 2026 

Oracle Linux Security Advisory ELSA-2026-2470

http://linux.oracle.com/errata/ELSA-2026-2470.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
apcu-panel-5.1.18-1.module+el8.10.0+90472+f810484b.noarch.rpm
libzip-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm
libzip-devel-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm
libzip-tools-1.6.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm
php-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-bcmath-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-cli-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-common-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-dba-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-dbg-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-devel-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-embedded-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-enchant-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-ffi-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-fpm-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-gd-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-gmp-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-intl-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-json-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-ldap-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-mbstring-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-mysqlnd-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-odbc-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-opcache-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-pdo-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.noarch.rpm
php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.x86_64.rpm
php-pecl-apcu-devel-5.1.18-1.module+el8.10.0+90472+f810484b.x86_64.rpm
php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.x86_64.rpm
php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.x86_64.rpm
php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.x86_64.rpm
php-pgsql-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-process-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-snmp-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-soap-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-xml-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm
php-xmlrpc-7.4.33-3.module+el8.10.0+90781+f71ba651.x86_64.rpm

aarch64:
apcu-panel-5.1.18-1.module+el8.10.0+90472+f810484b.noarch.rpm
libzip-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm
libzip-devel-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm
libzip-tools-1.6.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm
php-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-bcmath-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-cli-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-common-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-dba-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-dbg-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-devel-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-embedded-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-enchant-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-ffi-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-fpm-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-gd-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-gmp-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-intl-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-json-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-ldap-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-mbstring-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-mysqlnd-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-odbc-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-opcache-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-pdo-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.noarch.rpm
php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.aarch64.rpm
php-pecl-apcu-devel-5.1.18-1.module+el8.10.0+90472+f810484b.aarch64.rpm
php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.aarch64.rpm
php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.aarch64.rpm
php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.aarch64.rpm
php-pgsql-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-process-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-snmp-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-soap-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-xml-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm
php-xmlrpc-7.4.33-3.module+el8.10.0+90781+f71ba651.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libzip-1.6.1-1.module+el8.10.0+90472+f810484b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-7.4.33-3.module+el8.10.0+90781+f71ba651.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pear-1.10.13-1.module+el8.10.0+90472+f810484b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-apcu-5.1.18-1.module+el8.10.0+90472+f810484b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-rrd-2.0.1-1.module+el8.10.0+90472+f810484b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-xdebug-2.9.5-1.module+el8.10.0+90472+f810484b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-zip-1.18.2-1.module+el8.10.0+90472+f810484b.src.rpm

Related CVEs:

CVE-2024-8929
CVE-2024-11233
CVE-2024-11234
CVE-2025-1217
CVE-2025-1219
CVE-2025-1220
CVE-2025-1734
CVE-2025-1735
CVE-2025-1736
CVE-2025-1861
CVE-2025-6491
CVE-2025-14177
CVE-2025-14178




Description of changes:

libzip
[1.6.1-1]
- update to 1.6.1
- enable lzma support

php
[7.4.33-3]
- Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface
  GHSA-4w77-75f9-2c8w
- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
  CVE-2024-11234
- Fix Single byte overread with convert.quoted-printable-decode filter
  CVE-2024-11233
- Fix Leak partial content of the heap through heap buffer over-read
  CVE-2024-8929
- Fix libxml streams use wrong content-type header when requesting a redirected resource
  CVE-2025-1219
- Fix Stream HTTP wrapper header check might omit basic auth header
  CVE-2025-1736
- Fix Stream HTTP wrapper truncate redirect location to 1024 bytes
  CVE-2025-1861
- Fix Streams HTTP wrapper does not fail for headers without colon
  CVE-2025-1734
- Fix Header parser of http stream wrapper does not handle folded headers
  CVE-2025-1217
- Fix pgsql extension does not check for errors during escaping
  CVE-2025-1735
- Fix NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
  CVE-2025-6491
- Fix Null byte termination in hostnames
  CVE-2025-1220
- Fix Null byte termination in dns_get_record()
  GHSA-www2-q4fc-65wf
- Fix Heap buffer overflow in array_merge()
  CVE-2025-14178
- Fix Information Leak of Memory in getimagesize
  CVE-2025-14177

php-pear
[1:1.10.13-1]
- update PEAR to 1.10.13
- update Archive_Tar to 1.4.14

php-pecl-apcu
[5.1.18-1]
- update to 5.1.18

php-pecl-rrd
[2.0.1-1]
- build for RHEL 8

php-pecl-xdebug
[2.9.5-1]
- update to 2.9.5

php-pecl-zip
[1.18.2-1]
- update to 1.18.2

More information about the El-errata mailing list