[El-errata] ELSA-2026-33449 Important: Oracle Linux 9 php security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Jul 6 23:21:48 UTC 2026


Oracle Linux Security Advisory ELSA-2026-33449

http://linux.oracle.com/errata/ELSA-2026-33449.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
php-8.0.30-6.el9_8.x86_64.rpm
php-bcmath-8.0.30-6.el9_8.x86_64.rpm
php-cli-8.0.30-6.el9_8.x86_64.rpm
php-common-8.0.30-6.el9_8.x86_64.rpm
php-dba-8.0.30-6.el9_8.x86_64.rpm
php-dbg-8.0.30-6.el9_8.x86_64.rpm
php-devel-8.0.30-6.el9_8.x86_64.rpm
php-embedded-8.0.30-6.el9_8.x86_64.rpm
php-enchant-8.0.30-6.el9_8.x86_64.rpm
php-ffi-8.0.30-6.el9_8.x86_64.rpm
php-fpm-8.0.30-6.el9_8.x86_64.rpm
php-gd-8.0.30-6.el9_8.x86_64.rpm
php-gmp-8.0.30-6.el9_8.x86_64.rpm
php-intl-8.0.30-6.el9_8.x86_64.rpm
php-ldap-8.0.30-6.el9_8.x86_64.rpm
php-mbstring-8.0.30-6.el9_8.x86_64.rpm
php-mysqlnd-8.0.30-6.el9_8.x86_64.rpm
php-odbc-8.0.30-6.el9_8.x86_64.rpm
php-opcache-8.0.30-6.el9_8.x86_64.rpm
php-pdo-8.0.30-6.el9_8.x86_64.rpm
php-pgsql-8.0.30-6.el9_8.x86_64.rpm
php-process-8.0.30-6.el9_8.x86_64.rpm
php-snmp-8.0.30-6.el9_8.x86_64.rpm
php-soap-8.0.30-6.el9_8.x86_64.rpm
php-xml-8.0.30-6.el9_8.x86_64.rpm

aarch64:
php-8.0.30-6.el9_8.aarch64.rpm
php-bcmath-8.0.30-6.el9_8.aarch64.rpm
php-cli-8.0.30-6.el9_8.aarch64.rpm
php-common-8.0.30-6.el9_8.aarch64.rpm
php-dba-8.0.30-6.el9_8.aarch64.rpm
php-dbg-8.0.30-6.el9_8.aarch64.rpm
php-devel-8.0.30-6.el9_8.aarch64.rpm
php-embedded-8.0.30-6.el9_8.aarch64.rpm
php-enchant-8.0.30-6.el9_8.aarch64.rpm
php-ffi-8.0.30-6.el9_8.aarch64.rpm
php-fpm-8.0.30-6.el9_8.aarch64.rpm
php-gd-8.0.30-6.el9_8.aarch64.rpm
php-gmp-8.0.30-6.el9_8.aarch64.rpm
php-intl-8.0.30-6.el9_8.aarch64.rpm
php-ldap-8.0.30-6.el9_8.aarch64.rpm
php-mbstring-8.0.30-6.el9_8.aarch64.rpm
php-mysqlnd-8.0.30-6.el9_8.aarch64.rpm
php-odbc-8.0.30-6.el9_8.aarch64.rpm
php-opcache-8.0.30-6.el9_8.aarch64.rpm
php-pdo-8.0.30-6.el9_8.aarch64.rpm
php-pgsql-8.0.30-6.el9_8.aarch64.rpm
php-process-8.0.30-6.el9_8.aarch64.rpm
php-snmp-8.0.30-6.el9_8.aarch64.rpm
php-soap-8.0.30-6.el9_8.aarch64.rpm
php-xml-8.0.30-6.el9_8.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/php-8.0.30-6.el9_8.src.rpm

Related CVEs:

CVE-2026-6722
CVE-2026-6735
CVE-2026-7258
CVE-2026-7259
CVE-2026-7261
CVE-2026-7262
CVE-2026-7568




Description of changes:

[8.0.30-6]
- Fix XSS within status endpoint
  CVE-2026-6735
- Fix Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
  CVE-2026-7259
- Fix Stale SOAP_GLOBAL(ref_map) pointer with Apache Map
  CVE-2026-6722
- Fix Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION
  CVE-2026-7261
- Fix Broken Apache map value NULL check
  CVE-2026-7262
- Fix Signed integer overflow of char array offset
  CVE-2026-7568
- Fix Consistently pass unsigned char to ctype.h functions
  CVE-2026-7258




More information about the El-errata mailing list