Oracle Linux 8 : php:8.2 (ELSA-2026-1412)

Severity: High, Nessus Plugin ID 297067

Synopsis

The remote Oracle Linux host is missing one or more security updates.

Description

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-1412 advisory.

libzip [1.7.3-1]
- update to 1.7.3

[1.6.1-1]
- update to 1.6.1
- enable lzma support

[1.5.2-1]
- update to 1.5.2
- add all explicit cmake options to ensure openssl is used even in local build with other libraries available

[1.5.1-1]
- update to 1.5.1
- drop dependency on zlib-devel and bzip2-devel no more referenced in libzip.pc
- drop rpath patch merged upstream

[1.5.0-2]
- add dependency on zlib-devel and bzip2-devel #1556068

[1.5.0-1]
- update to 1.5.0
- use openssl for cryptography instead of bundled custom AES implementation

[1.4.0-5]
- missing BR on C compiler
- use ldconfig_scriptlets

[1.4.0-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1.4.0-3]
- add upstream patch and drop multilib hack

[1.4.0-2]
- re-add multilib hack #1529886

php [8.2.30-1]
- rebase to 8.2.30

php-pear [1:1.10.14-1]
- update PEAR to 1.10.14 for PHP 8.2 RHEL-14705

[1:1.10.13-1]
- update PEAR to 1.10.13
- update Archive_Tar to 1.4.14

[1:1.10.12-1]
- update PEAR to 1.10.12
- update Archive_Tar to 1.4.9
- update Console_Getopt to 1.4.3
- update XML_Util to 1.4.5

[1:1.10.9-1]
- update PEAR to 1.10.9
- update Archive_Tar to 1.4.7
- update Console_Getopt to 1.4.2

[1:1.10.5-8]
- require /usr/bin/gpg instead of gnupg

[1:1.10.5-7]
- enable autoloader only in Fedora

[1:1.10.5-6]
- add patch for PHP 7.2 from https://github.com/pear/pear-core/pull/71

[1:1.10.5-5]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1:1.10.5-4]
- add autoloader for each package

[1:1.10.5-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

php-pecl-apcu [5.1.23-1]
- update to 5.1.23 for PHP 8.2 RHEL-14705

[5.1.20-1]
- update to 5.1.20

[5.1.18-1]
- update to 5.1.18

[5.1.17-1]
- update to 5.1.17

[5.1.12-1]
- update to 5.1.12 (stable)

[5.1.11-1]
- update to 5.1.11 (stable)

[5.1.10-1]
- update to 5.1.10 (stable)

[5.1.9-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[5.1.9-2]
- undefine _strict_symbol_defs_build

[5.1.9-1]
- Update to 5.1.9 (php 7, stable)

php-pecl-rrd [2.0.3-1]
- update to 2.0.3

[2.0.1-1]
- build for RHEL 8

[2.0.1-13]
- rebuild for https://fedoraproject.org/wiki/Changes/php74

[2.0.1-12]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

[2.0.1-11]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild

[2.0.1-10]
- Rebuild for https://fedoraproject.org/wiki/Changes/php73

[2.0.1-9]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[2.0.1-8]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[2.0.1-7]
- undefine _strict_symbol_defs_build

[2.0.1-6]
- rebuild for https://fedoraproject.org/wiki/Changes/php72

php-pecl-xdebug3 [3.2.2-2]
- drop inet_ntoa usage using upstream patch

[3.2.2-1]
- update to 3.2.2 for PHP 8.2 RHEL-14705

[3.1.2-1]
- update to 3.1.2 rhbz#2030322

[3.0.4-5]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688

[3.0.4-4]
- ignore tests relying on DNS #1979841

[3.0.4-2]
- Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065

[3.0.4-1]
- update to 3.0.4

[3.0.3-2]
- rebuild for https://fedoraproject.org/wiki/Changes/php80

[3.0.3-1]
- update to 3.0.3

[3.0.2-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

php-pecl-zip [1.22.3-1]
- update to 1.22.3 for PHP 8.2 RHEL-14705

[1.19.2-1]
- update to 1.19.2

[1.18.2-1]
- update to 1.18.2

[1.15.4-1]
- Update to 1.15.4

[1.15.3-1]
- Update to 1.15.3

[1.15.2-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[1.15.2-2]
- undefine _strict_symbol_defs_build

[1.15.2-1]
- Update to 1.15.2

[1.15.1-4]
- rebuild for https://fedoraproject.org/wiki/Changes/php72

[1.15.1-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://linux.oracle.com/errata/ELSA-2026-1412.html

Plugin Details

Severity: High

ID: 297067

File Name: oraclelinux_ELSA-2026-1412.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/28/2026

Updated: 1/28/2026

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.0

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:C

CVSS Score Source: CVE-2025-14178

CVSS v3

Risk Factor: High

Base Score: 8.2

Temporal Score: 7.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.2

Threat Score: 6.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2025-14180

Vulnerability Information

CPE: cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:php, p-cpe:/a:oracle:linux:php-bcmath, p-cpe:/a:oracle:linux:php-cli, p-cpe:/a:oracle:linux:php-common, p-cpe:/a:oracle:linux:php-dba, p-cpe:/a:oracle:linux:php-devel, p-cpe:/a:oracle:linux:php-gd, p-cpe:/a:oracle:linux:php-ldap, p-cpe:/a:oracle:linux:php-mbstring, p-cpe:/a:oracle:linux:php-odbc, p-cpe:/a:oracle:linux:php-pdo, p-cpe:/a:oracle:linux:php-pear, p-cpe:/a:oracle:linux:php-pgsql, p-cpe:/a:oracle:linux:php-snmp, p-cpe:/a:oracle:linux:php-soap, p-cpe:/a:oracle:linux:php-xml, p-cpe:/a:oracle:linux:php-embedded, p-cpe:/a:oracle:linux:php-enchant, p-cpe:/a:oracle:linux:php-intl, p-cpe:/a:oracle:linux:php-process, p-cpe:/a:oracle:linux:php-fpm, p-cpe:/a:oracle:linux:php-mysqlnd, p-cpe:/a:oracle:linux:apcu-panel, p-cpe:/a:oracle:linux:libzip, p-cpe:/a:oracle:linux:libzip-devel, p-cpe:/a:oracle:linux:libzip-tools, p-cpe:/a:oracle:linux:php-dbg, p-cpe:/a:oracle:linux:php-gmp, p-cpe:/a:oracle:linux:php-opcache, p-cpe:/a:oracle:linux:php-pecl-apcu, p-cpe:/a:oracle:linux:php-pecl-apcu-devel, p-cpe:/a:oracle:linux:php-pecl-rrd, p-cpe:/a:oracle:linux:php-pecl-zip, p-cpe:/a:oracle:linux:php-ffi, p-cpe:/a:oracle:linux:php-pecl-xdebug3

Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/28/2026

Vulnerability Publication Date: 7/3/2025

Reference Information

CVE: CVE-2025-1220, CVE-2025-14177, CVE-2025-14178, CVE-2025-14180, CVE-2025-1735, CVE-2025-6491

IAVA: 2025-A-0497-S, 2026-A-0020