UbuntuUpdates.org

Package "php8.4"

Name: php8.4

Description:

server-side, HTML-embedded scripting language (metapackage)
Latest version: 8.4.11-1ubuntu1.1
Release: questing (25.10)
Level: updates
Repository: main
Homepage: http://www.php.net/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "php8.4"

All arch deb package
APT INSTALL

Other versions of "php8.4" in Questing

Repository Area Version
base main 8.4.11-1ubuntu1
base universe 8.4.11-1ubuntu1
security main 8.4.11-1ubuntu1.1
security universe 8.4.11-1ubuntu1.1
updates universe 8.4.11-1ubuntu1.1

Packages in group

Deleted packages are displayed in grey.


Changelog

Version: 8.4.11-1ubuntu1.1 2026-01-12 14:08:24 UTC

  php8.4 (8.4.11-1ubuntu1.1) questing-security; urgency=medium

  * SECURITY UPDATE: Information leak of memory in getimagesize
    - debian/patches/CVE-2025-14177.patch: fix php_read_stream_all_chunks()
      in ext/standard/image.c
    - CVE-2025-14177
  * SECURITY UPDATE: Heap buffer overflow in array_merge()
    - debian/patches/CVE-2025-14178.patch: check number of elements in
      ext/standard/array.c
    - CVE-2025-14178
  * SECURITY UPDATE: NULL pointer dereference in PDO quoting
    - debian/patches/CVE-2025-14180.patch: fix null pointer dereference in
      ext/pdo/pdo_sql_parser.re
    - CVE-2025-14180

 -- Nishit Majithia <email address hidden> Wed, 07 Jan 2026 14:14:00 +0530
CVE-2025-14177 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, the getimagesize() function m
CVE-2025-14178 In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs
CVE-2025-14180 In PHP versions 8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1 when using the PDO PostgreSQL


About   -   Send Feedback to @ubuntu_updates