An update for php is now available for openEuler-22.03-LTS-SP4 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2341 Final 1.0 1.0 2026-05-15 Initial 2026-05-15 2026-05-15 openEuler SA Tool V1.0 2026-05-15 php security update An update for php is now available for openEuler-22.03-LTS-SP4 PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in database integration for several commercial and non-commercial database management systems, so writing a database-enabled webpage with PHP is fairly simple. The most common use of PHP coding is probably as a replacement for CGI scripts. The php package contains the module (often referred to as mod_php) which adds support for the PHP language to Apache HTTP Server. Security Fix(es): In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys, processing the second entry overwrites the first in the temporary result map, freeing the original PHP object while its stale pointer remains in the map. A subsequent href reference to the freed node can copy the dangling pointer into the result. As PHP string allocations can reclaim the freed memory region, an attacker with control over the SOAP request body can exploit this use-after-free to achieve remote code execution.(CVE-2026-6722) In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to  a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when user-controlled input can influence the encoding passed to mb_regex_encoding().(CVE-2026-7259) In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element.  This leads to dereferences a NULL pointer, causing a segmentation fault. This allows a remote unauthenticated attacker to crash the PHP SOAP server process, resulting in denial of service.(CVE-2026-7262) In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, causing a segmentation fault or access to unrelated memory, and may affect the availability of the PHP process.(CVE-2026-7568) An update for php is now available for openEuler-22.03-LTS-SP4. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium php https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2341 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6722 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-7259 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-7262 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-7568 https://nvd.nist.gov/vuln/detail/CVE-2026-6722 https://nvd.nist.gov/vuln/detail/CVE-2026-7259 https://nvd.nist.gov/vuln/detail/CVE-2026-7262 https://nvd.nist.gov/vuln/detail/CVE-2026-7568 openEuler-22.03-LTS-SP4 php-8.0.30-12.oe2203sp4.aarch64.rpm php-bcmath-8.0.30-12.oe2203sp4.aarch64.rpm php-cli-8.0.30-12.oe2203sp4.aarch64.rpm php-common-8.0.30-12.oe2203sp4.aarch64.rpm php-dba-8.0.30-12.oe2203sp4.aarch64.rpm php-dbg-8.0.30-12.oe2203sp4.aarch64.rpm php-debuginfo-8.0.30-12.oe2203sp4.aarch64.rpm php-debugsource-8.0.30-12.oe2203sp4.aarch64.rpm php-devel-8.0.30-12.oe2203sp4.aarch64.rpm php-embedded-8.0.30-12.oe2203sp4.aarch64.rpm php-enchant-8.0.30-12.oe2203sp4.aarch64.rpm php-ffi-8.0.30-12.oe2203sp4.aarch64.rpm php-fpm-8.0.30-12.oe2203sp4.aarch64.rpm php-gd-8.0.30-12.oe2203sp4.aarch64.rpm php-gmp-8.0.30-12.oe2203sp4.aarch64.rpm php-intl-8.0.30-12.oe2203sp4.aarch64.rpm php-ldap-8.0.30-12.oe2203sp4.aarch64.rpm php-mbstring-8.0.30-12.oe2203sp4.aarch64.rpm php-mysqlnd-8.0.30-12.oe2203sp4.aarch64.rpm php-odbc-8.0.30-12.oe2203sp4.aarch64.rpm php-opcache-8.0.30-12.oe2203sp4.aarch64.rpm php-pdo-8.0.30-12.oe2203sp4.aarch64.rpm php-pgsql-8.0.30-12.oe2203sp4.aarch64.rpm php-process-8.0.30-12.oe2203sp4.aarch64.rpm php-snmp-8.0.30-12.oe2203sp4.aarch64.rpm php-soap-8.0.30-12.oe2203sp4.aarch64.rpm php-sodium-8.0.30-12.oe2203sp4.aarch64.rpm php-tidy-8.0.30-12.oe2203sp4.aarch64.rpm php-xml-8.0.30-12.oe2203sp4.aarch64.rpm php-8.0.30-12.oe2203sp4.src.rpm php-8.0.30-12.oe2203sp4.x86_64.rpm php-bcmath-8.0.30-12.oe2203sp4.x86_64.rpm php-cli-8.0.30-12.oe2203sp4.x86_64.rpm php-common-8.0.30-12.oe2203sp4.x86_64.rpm php-dba-8.0.30-12.oe2203sp4.x86_64.rpm php-dbg-8.0.30-12.oe2203sp4.x86_64.rpm php-debuginfo-8.0.30-12.oe2203sp4.x86_64.rpm php-debugsource-8.0.30-12.oe2203sp4.x86_64.rpm php-devel-8.0.30-12.oe2203sp4.x86_64.rpm php-embedded-8.0.30-12.oe2203sp4.x86_64.rpm php-enchant-8.0.30-12.oe2203sp4.x86_64.rpm php-ffi-8.0.30-12.oe2203sp4.x86_64.rpm php-fpm-8.0.30-12.oe2203sp4.x86_64.rpm php-gd-8.0.30-12.oe2203sp4.x86_64.rpm php-gmp-8.0.30-12.oe2203sp4.x86_64.rpm php-intl-8.0.30-12.oe2203sp4.x86_64.rpm php-ldap-8.0.30-12.oe2203sp4.x86_64.rpm php-mbstring-8.0.30-12.oe2203sp4.x86_64.rpm php-mysqlnd-8.0.30-12.oe2203sp4.x86_64.rpm php-odbc-8.0.30-12.oe2203sp4.x86_64.rpm php-opcache-8.0.30-12.oe2203sp4.x86_64.rpm php-pdo-8.0.30-12.oe2203sp4.x86_64.rpm php-pgsql-8.0.30-12.oe2203sp4.x86_64.rpm php-process-8.0.30-12.oe2203sp4.x86_64.rpm php-snmp-8.0.30-12.oe2203sp4.x86_64.rpm php-soap-8.0.30-12.oe2203sp4.x86_64.rpm php-sodium-8.0.30-12.oe2203sp4.x86_64.rpm php-tidy-8.0.30-12.oe2203sp4.x86_64.rpm php-xml-8.0.30-12.oe2203sp4.x86_64.rpm php-help-8.0.30-12.oe2203sp4.noarch.rpm In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global map without incrementing their reference counts. When an apache:Map node contains duplicate keys, processing the second entry overwrites the first in the temporary result map, freeing the original PHP object while its stale pointer remains in the map. A subsequent href reference to the freed node can copy the dangling pointer into the result. As PHP string allocations can reclaim the freed memory region, an attacker with control over the SOAP request body can exploit this use-after-free to achieve remote code execution. 2026-05-15 CVE-2026-6722 openEuler-22.03-LTS-SP4 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H php security update 2026-05-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2341 In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, a mismatch between encoding lists in Oniguruma and mbfl leads to  a NULL pointer dereference, resulting in a segmentation fault and denial of service. The vulnerability is exploitable when user-controlled input can influence the encoding passed to mb_regex_encoding(). 2026-05-15 CVE-2026-7259 openEuler-22.03-LTS-SP4 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H php security update 2026-05-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2341 In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the wrong variable in case of missing value element.  This leads to dereferences a NULL pointer, causing a segmentation fault. This allows a remote unauthenticated attacker to crash the PHP SOAP server process, resulting in denial of service. 2026-05-15 CVE-2026-7262 openEuler-22.03-LTS-SP4 Medium 6.3 AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N php security update 2026-05-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2341 In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, causing a segmentation fault or access to unrelated memory, and may affect the availability of the PHP process. 2026-05-15 CVE-2026-7568 openEuler-22.03-LTS-SP4 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H php security update 2026-05-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2341