[El-errata] ELSA-2026-1412 Important: Oracle Linux 8 php:8.2 security update

Thu Jan 29 00:33:16 UTC 2026

Oracle Linux Security Advisory ELSA-2026-1412

http://linux.oracle.com/errata/ELSA-2026-1412.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
apcu-panel-5.1.23-1.module+el8.10.0+90469+8883f508.noarch.rpm
libzip-1.7.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm
libzip-devel-1.7.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm
libzip-tools-1.7.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm
php-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-bcmath-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-cli-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-common-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-dba-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-dbg-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-devel-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-embedded-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-enchant-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-ffi-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-fpm-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-gd-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-gmp-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-intl-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-ldap-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-mbstring-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-mysqlnd-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-odbc-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-opcache-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-pdo-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-pear-1.10.14-1.module+el8.10.0+90469+8883f508.noarch.rpm
php-pecl-apcu-5.1.23-1.module+el8.10.0+90469+8883f508.x86_64.rpm
php-pecl-apcu-devel-5.1.23-1.module+el8.10.0+90469+8883f508.x86_64.rpm
php-pecl-rrd-2.0.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm
php-pecl-xdebug3-3.2.2-2.module+el8.10.0+90469+8883f508.x86_64.rpm
php-pecl-zip-1.22.3-1.module+el8.10.0+90469+8883f508.x86_64.rpm
php-pgsql-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-process-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-snmp-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-soap-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm
php-xml-8.2.30-1.module+el8.10.0+90775+243071a5.x86_64.rpm

aarch64:
apcu-panel-5.1.23-1.module+el8.10.0+90469+8883f508.noarch.rpm
libzip-1.7.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm
libzip-devel-1.7.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm
libzip-tools-1.7.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm
php-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-bcmath-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-cli-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-common-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-dba-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-dbg-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-devel-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-embedded-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-enchant-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-ffi-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-fpm-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-gd-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-gmp-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-intl-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-ldap-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-mbstring-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-mysqlnd-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-odbc-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-opcache-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-pdo-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-pear-1.10.14-1.module+el8.10.0+90469+8883f508.noarch.rpm
php-pecl-apcu-5.1.23-1.module+el8.10.0+90469+8883f508.aarch64.rpm
php-pecl-apcu-devel-5.1.23-1.module+el8.10.0+90469+8883f508.aarch64.rpm
php-pecl-rrd-2.0.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm
php-pecl-xdebug3-3.2.2-2.module+el8.10.0+90469+8883f508.aarch64.rpm
php-pecl-zip-1.22.3-1.module+el8.10.0+90469+8883f508.aarch64.rpm
php-pgsql-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-process-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-snmp-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-soap-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm
php-xml-8.2.30-1.module+el8.10.0+90775+243071a5.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/libzip-1.7.3-1.module+el8.10.0+90469+8883f508.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-8.2.30-1.module+el8.10.0+90775+243071a5.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pear-1.10.14-1.module+el8.10.0+90469+8883f508.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-apcu-5.1.23-1.module+el8.10.0+90469+8883f508.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-rrd-2.0.3-1.module+el8.10.0+90469+8883f508.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-xdebug3-3.2.2-2.module+el8.10.0+90469+8883f508.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/php-pecl-zip-1.22.3-1.module+el8.10.0+90469+8883f508.src.rpm

Related CVEs:

CVE-2025-1220
CVE-2025-1735
CVE-2025-6491
CVE-2025-14177
CVE-2025-14178
CVE-2025-14180

Description of changes:

libzip
[1.7.3-1]
- update to 1.7.3

[1.6.1-1]
- update to 1.6.1
- enable lzma support

[1.5.2-1]
- update to 1.5.2
- add all explicit cmake options to ensure openssl is used
  even in local build with other lilbraries available

[1.5.1-1]
- update to 1.5.1
- drop dependency on zlib-devel and bzip2-devel no more
  referenced in libzip.pc
- drop rpath patch merged upstream

[1.5.0-2]
- add dependency on zlib-devel and bzip2-devel #1556068

[1.5.0-1]
- update to 1.5.0
- use openssl for cryptography instead of bundled custom AES implementation

[1.4.0-5]
- missing BR on C compiler
- use ldconfig_scriptlets

[1.4.0-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1.4.0-3]
- add upstream patch and drop multilib hack

[1.4.0-2]
- re-add multilib hack #1529886

php
[8.2.30-1]
- rebase to 8.2.30

php-pear
[1:1.10.14-1]
- update PEAR to 1.10.14 for PHP 8.2 RHEL-14705

[1:1.10.13-1]
- update PEAR to 1.10.13
- update Archive_Tar to 1.4.14

[1:1.10.12-1]
- update PEAR to 1.10.12
- update Archive_Tar to 1.4.9
- update Console_Getopt to 1.4.3
- update XML_Util to 1.4.5

[1:1.10.9-1]
- update PEAR to 1.10.9
- update Archive_Tar to 1.4.7
- update Console_Getopt to 1.4.2

[1:1.10.5-8]
- require /usr/bin/gpg instead of gnupg

[1:1.10.5-7]
- enable autoloader only in Fedora

[1:1.10.5-6]
- add patch for PHP 7.2 from
  https://github.com/pear/pear-core/pull/71

[1:1.10.5-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1:1.10.5-4]
- add autoloader for each package

[1:1.10.5-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

php-pecl-apcu
[5.1.23-1]
- update to 5.1.23 for PHP 8.2 RHEL-14705

[5.1.20-1]
- update to 5.1.20

[5.1.18-1]
- update to 5.1.18

[5.1.17-1]
- update to 5.1.17

[5.1.12-1]
- update to 5.1.12 (stable)

[5.1.11-1]
- update to 5.1.11 (stable)

[5.1.10-1]
- update to 5.1.10 (stable)

[5.1.9-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[5.1.9-2]
- undefine _strict_symbol_defs_build

[5.1.9-1]
- Update to 5.1.9 (php 7, stable)

php-pecl-rrd
[2.0.3-1]
- update to 2.0.3

[2.0.1-1]
- build for RHEL 8

[2.0.1-13]
- rebuild for https://fedoraproject.org/wiki/Changes/php74

[2.0.1-12]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

[2.0.1-11]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

[2.0.1-10]
- Rebuild for https://fedoraproject.org/wiki/Changes/php73

[2.0.1-9]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[2.0.1-8]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[2.0.1-7]
- undefine _strict_symbol_defs_build

[2.0.1-6]
- rebuild for https://fedoraproject.org/wiki/Changes/php72

php-pecl-xdebug3
[3.2.2-2]
- drop inet_ntoa usage using upstream patch

[3.2.2-1]
- update to 3.2.2 for PHP 8.2 RHEL-14705

[3.1.2-1]
- update to 3.1.2 rhbz#2030322

[3.0.4-5]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
  Related: rhbz#1991688

[3.0.4-4]
- ignore tests relying on DNS #1979841

[3.0.4-2]
- Rebuilt for RHEL 9 BETA for openssl 3.0
  Related: rhbz#1971065

[3.0.4-1]
- update to 3.0.4

[3.0.3-2]
- rebuild for https://fedoraproject.org/wiki/Changes/php80

[3.0.3-1]
- update to 3.0.3

[3.0.2-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

php-pecl-zip
[1.22.3-1]
- update to 1.22.3 for PHP 8.2 RHEL-14705

[1.19.2-1]
- update to 1.19.2

[1.18.2-1]
- update to 1.18.2

[1.15.4-1]
- Update to 1.15.4

[1.15.3-1]
- Update to 1.15.3

[1.15.2-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1.15.2-2]
- undefine _strict_symbol_defs_build

[1.15.2-1]
- Update to 1.15.2

[1.15.1-4]
- rebuild for https://fedoraproject.org/wiki/Changes/php72

[1.15.1-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild