Multiple vulnerabilities in PHP 8.4, including CVE-2025-14179 and CVE-2026-6104 among others, could lead to denial of service, SQL injection, cross-site scripting, information disclosure, or arbitrary code execution. The issues affect the Debian stable distribution (trixie) and are fixed in version 8.4.21-1~deb13u1. IT administrators should prioritize upgrading their php8.4 packages to this patched version.
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index] [SECURITY] [DSA 6256-1] php8.4 security update To: debian-security-announce@lists.debian.org Subject: [SECURITY] [DSA 6256-1] php8.4 security update From: Moritz Muehlenhoff <jmm@debian.org> Date: Fri, 8 May 2026 18:49:41 +0000 Message-id: <[🔎] af4wRSP_c5kerXTy@seger.debian.org> Reply-to: debian-security-announce-request@lists.debian.org -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-6256-1 security@debian.org https://www.debian.org/security/ Moritz Muehlenhoff May 08, 2026 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : php8.4 CVE ID : CVE-2025-14179 CVE-2026-6104 CVE-2026-6722 CVE-2026-6735 CVE-2026-7258 CVE-2026-7259 CVE-2026-7261 CVE-2026-7262 CVE-2026-7263 CVE-2026-7568 Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in denial of service, SQL injection, cross-site scripting, information disclosure or the execution of arbitrary code. For the stable distribution (trixie), these problems have been fixed in version 8.4.21-1~deb13u1. We recommend that you upgrade your php8.4 packages. For the detailed security status of php8.4 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/php8.4 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmn+L+AACgkQEMKTtsN8 TjaTlw/8CdLBXZ237J9QNl1YJlPlAruL2c1hgYr+wVKgdIxxXrPxlvljL0vqIxtf W3EuSYnzmC8MICu6KwlhY7mGAI1bgmEISjNKlBvpbJEBlOJeNREVkdWYvVqZtvS1 hkDolEaZgFpX6CDInSntd1QdnvdQyeARn+/Hh6sk1Lb4KGzS0xTjy4DAZIK337sS emmNfC1k6vFhRakdOT4pv3o5oVjL/NiTkby+BI4izCuOgC9hvq7uLRLlSnMHrLjf V8fjM8PNGlcMGZm8K0B6WxstmudhCpPay4ZrRNXn0NXolkEVyhtovK/3M7JaYF/N tRVj+sxwE9vz4su8P4SMboLTvHP8q0gfuBEuTrh6Qs2J91qKtRXr9IqCDk5vnuXM NW47tr/rk5jtKuvuaQ6pZte+MMClFiMr8pq8Nk0kJG9+Xf2foB5/zgK0FedI5ZLA SAhrWf3WtpXZpLBK041aA2vnVrcdMM8H/EQomV5CqaBH2psDAL22pUROtOVjb0DG GERCUo8LavlR+wpG/oRDt/JYn1rMhVUMRZnR0lTSExPbQ9fxISZ9PJc0tm9ZuNUN SylmhsifrkmdxadmXkMfpvGbnCNYtsbK0Bw7rh4t97jOQivpb/wviS/u31abnz5Q cf3g5kxSkt7a4Dcb/9IE7C0I73UrnoMHcbtQq10W5yHldMPqXwA= =6KQG -----END PGP SIGNATURE----- Reply to: debian-security-announce@lists.debian.org Moritz Muehlenhoff (on-list) Moritz Muehlenhoff (off-list) Prev by Date: [SECURITY] [DSA 6255-1] php8.2 security update Next by Date: [SECURITY] [DSA 6257-1] postorius security update Previous by thread: [SECURITY] [DSA 6255-1] php8.2 security update Next by thread: [SECURITY] [DSA 6257-1] postorius security update Index(es): Date Thread