Red Hat Product Errata RHSA-2026:22142 - Security Advisory Issued: 2026-06-01 Updated: 2026-06-01 RHSA-2026:22142 - Security Advisory Overview Updated Packages Synopsis Important: php:8.3 security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for the php:8.3 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fix(es): PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258) PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735) php: NULL pointer dereference in SOAP apache:Map decoder with missing <value> (CVE-2026-7262) php: signed integer overflow in metaphone() (CVE-2026-7568) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 9 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.8 x86_64 Red Hat Enterprise Linux for IBM z Systems 9 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.8 s390x Red Hat Enterprise Linux for Power, little endian 9 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.8 ppc64le Red Hat Enterprise Linux for ARM 64 9 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.8 aarch64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.8 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.8 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.8 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.8 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.8 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.8 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.8 s390x Fixes BZ - 2468561 - CVE-2026-7258 PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions BZ - 2468562 - CVE-2026-6735 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation BZ - 2468565 - CVE-2026-7262 php: NULL pointer dereference in SOAP apache:Map decoder with missing <value> BZ - 2468566 - CVE-2026-7568 php: signed integer overflow in metaphone() CVEs CVE-2026-6735 CVE-2026-7258 CVE-2026-7262 CVE-2026-7568 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 9 SRPM php-8.3.31-2.module+el9.8.0+24329+a775fb4e.src.rpm SHA-256: 5d9967556210527ed0d1fee34983a7eae43aea8c47da92659d7f588157e92221 php-pecl-apcu-5.1.23-1.module+el9.6.0+22647+1741ae35.src.rpm SHA-256: 4d3d60d4b566b773e73345f44a97fa2cc5c0b4cf1b15c4f7de0cf60c2d0d428d php-pecl-apcu-5.1.23-1.module+el9.6.0+22647+1741ae35.src.rpm SHA-256: 3c81ead4518ea886adc3eabdfcd4603b985e25a0fe9a184e7a1e1315a8d7b460 php-pecl-redis6-6.1.0-2.module+el9.6.0+22647+1741ae35.src.rpm SHA-256: 9f68a35fb4ef7adc64c906fb184649aed76eda1c426020e5f46d5a4845a0b923 php-pecl-redis6-6.1.0-2.module+el9.6.0+22647+1741ae35.src.rpm SHA-256: 54ad16412b4f22e04985f334253ee497f15b6f683aa139d7e7a81b420bf3d793 php-pecl-rrd-2.0.3-4.module+el9.6.0+22647+1741ae35.src.rpm SHA-256: 344f73771e96e432f2774733960236b85b3473d740236bf5b55e92cc8ce0d44f php-pecl-rrd-2.0.3-4.module+el9.6.0+22647+1741ae35.src.rpm SHA-256: 34c5680b7ee0dc7c0ee346ed4f13ba4728e20194125153380bf9224f65e68fa5 php-pecl-xdebug3-3.3.1-1.module+el9.6.0+22647+1741ae35.src.rpm SHA-256: 497b0a4d928b159eb7e035302f1e9005e587ee09898244b80d967b537ea9bca9 php-pecl-xdebug3-3.3.1-1.module+el9.6.0+22647+1741ae35.src.rpm SHA-256: 78df14cfd3991793466a9001eecee8689342faec6988f55cea0f376655d738f8 php-pecl-zip-1.22.3-1.module+el9.6.0+22647+1741ae35.src.rpm SHA-256: 6297b45bbacddd5c4fb4dc65bb2763e482c0b53941578c140965397f77cfc42c php-pecl-zip-1.22.3-1.module+el9.6.0+22647+1741ae35.src.rpm SHA-256: 60dfd43b37cece38bec6a29257eb41394ea02385d121c9f691a698f8dd4f21e7 x86_64 apcu-panel-5.1.23-1.module+el9.6.0+22647+1741ae35.noarch.rpm SHA-256: e270852fdff8720729121be81a33747e5137c51bfeccb392cf1bf380fd70440b apcu-panel-5.1.23-1.module+el9.6.0+22647+1741ae35.noarch.rpm SHA-256: 9b830df543505382b540a41b033df40e9a9a34085fd68bda310f1420241b8a59 apcu-panel-5.1.23-1.module+el9.6.0+22647+1741ae35.noarch.rpm SHA-256: e270852fdff8720729121be81a33747e5137c51bfeccb392cf1bf380fd70440b apcu-panel-5.1.23-1.module+el9.6.0+22647+1741ae35.noarch.rpm SHA-256: 9b830df543505382b540a41b033df40e9a9a34085fd68bda310f1420241b8a59 apcu-panel-5.1.23-1.module+el9.6.0+22647+1741ae35.noarch.rpm SHA-256: e270852fdff8720729121be81a33747e5137c51bfeccb392cf1bf380fd70440b apcu-panel-5.1.23-1.module+el9.6.0+22647+1741ae35.noarch.rpm SHA-256: 9b830df543505382b540a41b033df40e9a9a34085fd68bda310f1420241b8a59 apcu-panel-5.1.23-1.module+el9.6.0+22647+1741ae35.noarch.rpm SHA-256: e270852fdff8720729121be81a33747e5137c51bfeccb392cf1bf380fd70440b apcu-panel-5.1.23-1.module+el9.6.0+22647+1741ae35.noarch.rpm SHA-256: 9b830df543505382b540a41b033df40e9a9a34085fd68bda310f1420241b8a59 php-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: d50fd71591d4baaf333216f9e5922a587752b3c78a0f61d80bed782a1060f872 php-bcmath-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 3241e07a8561ccc240288b02c60331eb847ac2769267d01b29a23caf84aefeaa php-bcmath-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: ff1ab768bf339cce7be0d79e622c2cbb8d5101cf660c0e3f48281533b5326d9d php-cli-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 03d04338e0dd3f4872cf8f93998281eb4409ba82f3d1f5fe6c7e85e31f93e3b4 php-cli-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: d1105525e902004d0f00722c4fb0b9e4dd7a4da28674a4ea93330f989c019841 php-common-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: df3487422354cc37d82b93c2aaaa15ee831a0d1a5fa067e56721d62b6f5c8731 php-common-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 81ffa53d1960389dbf4b817ecfd2d29cdf2182cff314cf5ec77fc14a08b22953 php-dba-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 2d887eb20daba358342b94fb49a2c90baa3f7e309ef6170deba6d6256cfefd01 php-dba-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 4fbd15c4e7dd29c9983e63d632169bd37a71900fa7fb8653fead617eac49f909 php-dbg-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 06c7ce7cbc83f013e5c690076fb73c27f5cb2fad534e8b44cd7d085d7ab606b4 php-dbg-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 20aedc3a6504d0642473db06d608537e170a9d9946f4f9e4c72c646c10e5ff61 php-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 667ed9086de532b724b7d4e420275725b31b22416c9d77cdaa173b8c2e61eaa6 php-debugsource-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: ea6e98be53a66fc7e6d6219bf50b1a9fd56ef73dbd25b78ff594f744cd0cea21 php-devel-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 573a94d3afcca2f97272564441a69d3ef93910285135c58f85d879f035bf3dd7 php-embedded-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: b8a0b6268458289196f3155e7cb29623ded6746b5258e64dbb018ffe8eb02584 php-embedded-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: d37cc6f6cef46f1cc59c3a3655e37efc6defcb379d861067c5f12599522b5c01 php-enchant-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 8209b6f47ffe38235cd69f0ab4362496a41d6930e5f8bbaebb2ae5256cc1d0da php-enchant-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: b9fe9b49fe6a293850ca8f4b2822e682ca6653fcefacbc0b99b3df954ff91105 php-ffi-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 7eca8b672a4211c8b4859ae89683dfe82cefa7f50986522ba16c2ca6c30d74c6 php-ffi-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 4e9897473967e194c823515db0d76ed2765a7fe16bd8e9d99cd2b97c7d6838f6 php-fpm-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 5291a0c87084baf81916ffe1217cbec648fcbd486b39103134c6a4a86e3e6fb7 php-fpm-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 3aed37e3f6ef3dd89b4ddc1d4cec20e65cd0a9660603f55734cd64361a3f0b56 php-gd-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: e009cfb97b9753bb3ca75b20dcecbbcf9c2e2e404e7dbebf17b83ac40d26ce60 php-gd-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 7e819692a9b6b51c10284807ccbffd44319f9b2e22e700be473b8d5c0552c817 php-gmp-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 31d4f4dbd16f926b3c5d2be012c7b4eab3164927dd819792a7e2a7b0e5716b09 php-gmp-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: a37ad2ca07e978cdbdbe43c85e55ecb2a759a0071d9412447f4bac1afdd53e33 php-intl-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: b7fb9593480ba5ede8cb107447197098ddcafc976329e5bf76e20ea990120261 php-intl-debuginfo-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 835c8787efa40fd545fa1d36e514c97a1d8d1713a4892c5bd806b480be7edab4 php-ldap-8.3.31-2.module+el9.8.0+24329+a775fb4e.x86_64.rpm SHA-256: 9569036f910d592c28e9880cf9a31268df5637569303a18a5602598e13bc587f php-ldap-debuginfo-8.3.31-2.module+el9.8.0+24329