Packages
Details
USN-7648-2 fixed vulnerabilities in PHP. The patch for CVE-2025-1735
caused a regression in php7.0, php7.2 and php7.4. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that PHP incorrectly handled certain hostnames containing
null characters. A remote attacker could possibly use this issue to bypass
certain hostname validation checks. (CVE-2025-1220)
It was discovered that PHP incorrectly handled the pgsql and pdo_pgsql
escaping functions. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. (CVE-2025-1735)
It was discovered that PHP incorrectly handled parsing certain XML data in
SOAP extensions. A remote attacker could possibly use this issue to cause
PHP to crash, resulting in a...
USN-7648-2 fixed vulnerabilities in PHP. The patch for CVE-2025-1735
caused a regression in php7.0, php7.2 and php7.4. This update fixes
the problem.
We apologize for the inconvenience.
Original advisory details:
It was discovered that PHP incorrectly handled certain hostnames containing
null characters. A remote attacker could possibly use this issue to bypass
certain hostname validation checks. (CVE-2025-1220)
It was discovered that PHP incorrectly handled the pgsql and pdo_pgsql
escaping functions. A remote attacker could possibly use this issue to
cause PHP to crash, resulting in a denial of service. (CVE-2025-1735)
It was discovered that PHP incorrectly handled parsing certain XML data in
SOAP extensions. A remote attacker could possibly use this issue to cause
PHP to crash, resulting in a denial of service. (CVE-2025-6491)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 20.04 focal | php7.4 – 7.4.3-4ubuntu2.29+esm2 | ||
| php7.4-cgi – 7.4.3-4ubuntu2.29+esm2 | |||
| php7.4-cli – 7.4.3-4ubuntu2.29+esm2 | |||
| php7.4-common – 7.4.3-4ubuntu2.29+esm2 | |||
| php7.4-fpm – 7.4.3-4ubuntu2.29+esm2 | |||
| php7.4-pgsql – 7.4.3-4ubuntu2.29+esm2 | |||
| 18.04 bionic | php7.2 – 7.2.24-0ubuntu0.18.04.17+esm11 | ||
| php7.2-cgi – 7.2.24-0ubuntu0.18.04.17+esm11 | |||
| php7.2-cli – 7.2.24-0ubuntu0.18.04.17+esm11 | |||
| php7.2-fpm – 7.2.24-0ubuntu0.18.04.17+esm11 | |||
| php7.2-pgsql – 7.2.24-0ubuntu0.18.04.17+esm11 | |||
| 16.04 xenial | php7.0 – 7.0.33-0ubuntu0.16.04.16+esm18 | ||
| php7.0-cgi – 7.0.33-0ubuntu0.16.04.16+esm18 | |||
| php7.0-cli – 7.0.33-0ubuntu0.16.04.16+esm18 | |||
| php7.0-common – 7.0.33-0ubuntu0.16.04.16+esm18 | |||
| php7.0-fpm – 7.0.33-0ubuntu0.16.04.16+esm18 | |||
| php7.0-pgsql – 7.0.33-0ubuntu0.16.04.16+esm18 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.