USN-7648-1 fixed several vulnerabilities in PHP. This update provides the corresponding updates for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
Original advisory details:
It was discovered that PHP incorrectly handled certain hostnames containing null characters. A remote attacker could possibly use this issue to bypass certain hostname validation checks. (CVE-2025-1220)
It was discovered that PHP incorrectly handled the pgsql and pdo_pgsql escaping functions. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2025-1735)
It was discovered that PHP incorrectly handled parsing certain XML data in SOAP extensions. A remote attacker could possibly use this issue to cause PHP to crash, resulting in a denial of service. (CVE-2025-6491)
7.0.33-0ubuntu0.16.04.16+esm167.2.24-0ubuntu0.18.04.17+esm97.4.3-4ubuntu2.29+esm1