The php-oci8 packages provides the OCI8 extension version 3.0.1
and the PDO driver to access Oracle Database.
The extension is linked with Oracle client libraries 23.26.1
(Oracle Instant Client). For details, see Oracle's note
"Oracle Client / Server Interoperability Support" (ID 207303.1).
You must install libclntsh.so.23.1 to use this package,
provided by Oracle Instant Client RPM available from Oracle on:
https://www.oracle.com/database/technologies/instant-client/downloads.html
Documentation is at http://php.net/oci8 and http://php.net/pdo_oci
Provides
Requires
License
PHP
Changelog
* Mon May 11 2026 Remi Collet <remi@remirepo.net> - 8.0.30-16
- Fix XSS within status endpoint
CVE-2026-6735
- Fix Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
CVE-2026-7259
- Fix SQL injection via NUL bytes in quoted strings
CVE-2025-14179
- Fix Stale SOAP_GLOBAL(ref_map) pointer with Apache Map
CVE-2026-6722
- Fix Use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION
CVE-2026-7261
- Fix Broken Apache map value NULL check
CVE-2026-7262
- Fix Signed integer overflow of char array offset
CVE-2026-7568
- Fix Consistently pass unsigned char to ctype.h functions
CVE-2026-7258
* Thu Dec 18 2025 Remi Collet <remi@remirepo.net> - 8.0.30-15
- Fix Null byte termination in dns_get_record()
GHSA-www2-q4fc-65wf
- Fix Heap buffer overflow in array_merge()
CVE-2025-14178
- Fix Information Leak of Memory in getimagesize
CVE-2025-14177
* Thu Jul 03 2025 Remi Collet <remi@remirepo.net> - 8.0.30-14
- Fix pgsql extension does not check for errors during escaping
CVE-2025-1735
- Fix NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
CVE-2025-6491
- Fix Null byte termination in hostnames
CVE-2025-1220
* Thu Mar 13 2025 Remi Collet <remi@remirepo.net> - 8.0.30-13
- Fix libxml streams use wrong `content-type` header when requesting a redirected resource
CVE-2025-1219
- Fix Stream HTTP wrapper header check might omit basic auth header
CVE-2025-1736
- Fix Stream HTTP wrapper truncate redirect location to 1024 bytes
CVE-2025-1861
- Fix Streams HTTP wrapper does not fail for headers without colon
CVE-2025-1734
- Fix Header parser of `http` stream wrapper does not handle folded headers
CVE-2025-1217
- use oracle client library version 23.7 on x86_64 and aarch64
* Thu Feb 13 2025 Remi Collet <remi@remirepo.net> - 8.0.30-12
- backport fix for ICU 74+
- backport fix strict prototypes
* Wed Nov 27 2024 Remi Collet <remi@remirepo.net> - 8.0.30-11
- Fix Leak partial content of the heap through heap buffer over-read
CVE-2024-8929
* Fri Nov 22 2024 Remi Collet <remi@remirepo.net> - 8.0.30-10
- Fix Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface
GHSA-4w77-75f9-2c8w
- Fix OOB access in ldap_escape
CVE-2024-8932
- Fix Integer overflow in the dblib/firebird quoter causing OOB writes
CVE-2024-11236
- Fix Configuring a proxy in a stream context might allow for CRLF injection in URIs
CVE-2024-11234
- Fix Single byte overread with convert.quoted-printable-decode filter
CVE-2024-11233
* Thu Sep 26 2024 Remi Collet <remi@remirepo.net> - 8.0.30-9
- Fix Bypass of CVE-2012-1823, Argument Injection in PHP-CGI
CVE-2024-4577
- Fix Bypass of CVE-2024-4577, Parameter Injection Vulnerability
CVE-2024-8926
- Fix cgi.force_redirect configuration is bypassable due to the environment variable collision
CVE-2024-8927
- Fix Logs from childrens may be altered
CVE-2024-9026
- Fix Erroneous parsing of multipart form data
CVE-2024-8925
- use ICU 74.2
* Mon Aug 26 2024 Remi Collet <