SUSE-SU-2026:0086-1

This update for php8 fixes the following issues:

Security fixes:

• CVE-2025-14177: getimagesize() function may leak uninitialized heap memory into the APPn segments when reading images in multi-chunk mode (bsc#1255710).
• CVE-2025-14178: heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT_MAX_SIZE (bsc#1255711).
• CVE-2025-14180: null pointer dereference in pdo_parse_params() function when using the PDO PostgreSQL driver with PDO::ATTR_EMULATE_PREPARES enabled (bsc#1255712).

Other fixes:

Version 8.3.29 Core: Sync all boost.context files with release 1.86.0. Fixed bug GH-20435 (SensitiveParameter doesn't work for named argument passing to variadic parameter). Fixed bug GH-20286 (use-after-destroy during userland stream_close()). Bz2: Fix assertion failures resulting in crashes with stream filter object parameters. Date: Fix crashes when trying to instantiate uninstantiable classes via date static constructors. DOM: Fix missing NUL byte check on C14NFile(). Fibers: Fixed bug GH-20483 (ASAN stack overflow with fiber.stack_size INI small value). FTP: Fixed bug GH-20601 (ftp_connect overflow on timeout). GD: Fixed bug GH-20511 (imagegammacorrect out of range input/output values). Fixed bug GH-20602 (imagescale overflow with large height values). Intl: Fixed bug GH-20426 (Spoofchecker::setRestrictionLevel() error message suggests missing constants). LibXML: Fix some deprecations on newer libxml versions regarding input buffer/parser handling. MbString: Fixed bug GH-20491 (SLES15 compile error with mbstring oniguruma). Fixed bug GH-20492 (mbstring compile warning due to non-strings). MySQLnd: Fixed bug GH-20528 (Regression breaks mysql connexion using an IPv6 address enclosed in square brackets). Opcache: Fixed bug GH-20329...