Red Hat Product Errata
RHSA-2026:22305 - Security Advisory

Issued: 2026-06-01
Updated: 2026-06-01

Synopsis
Important: php:8.2 security update

Type/Severity
Security Advisory: Important

Topic
An update for the php:8.2 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

Security Fix(es):
PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258)
PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation (CVE-2026-6735)
php: NULL pointer dereference in SOAP apache:Map decoder with missing <value> (CVE-2026-7262)
php: signed integer overflow in metaphone() (CVE-2026-7568)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258

Affected Products
Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Fixes
BZ - 2468561 - CVE-2026-7258 PHP: PHP: Denial of Service via improper handling of signed characters in ctype functions
BZ - 2468562 - CVE-2026-6735 PHP: PHP-FPM: PHP-FPM: Cross-Site Scripting vulnerability via improper URL sanitation
BZ - 2468565 - CVE-2026-7262 php: NULL pointer dereference in SOAP apache:Map decoder with missing <value>
BZ - 2468566 - CVE-2026-7568 php: signed integer overflow in metaphone()

CVEs
CVE-2026-6735
CVE-2026-7258
CVE-2026-7262
CVE-2026-7568

References
https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available.

This Red Hat security advisory addresses four vulnerabilities in PHP 8.2, including a high-severity Denial of Service via improper handling of signed characters in ctype functions (CVE-2026-7258, CVSS 7.5), a Cross-Site Scripting vulnerability in PHP-FPM (CVE-2026-6735, CVSS 6.1), a NULL pointer dereference in the SOAP decoder (CVE-2026-7262, CVSS 7.5), and a signed integer overflow in metaphone(). Affected versions are PHP 8.2.0 through 8.2.30, with fixes provided in version 8.2.31 as per the NVD data.