This update for php8 fixes the following issues

- CVE-2025-14179: improper handling of NULL bytes by the PDO Firebird driver when preparing SQL queries can lead to SQL
  injection (bsc#1264778).
- CVE-2026-6104: out-of-bounds read when processing an encoding name containing an embedded NULL byte in
  `mb_convert_encoding()` can lead to information disclosure and denial of service (bsc#1264777).
- CVE-2026-6722: use-after-free in SOAP using Apache map can lead to remote code execution (bsc#1264776).
- CVE-2026-6735: improper validation of the request URI within the PHP-FPM status page can lead to XSS (bsc#1264775).
- CVE-2026-7258: signed `char` values passed to `ctype` functions like `isxdigit` can lead to OOB access and denial of
  service (bsc#1264774).
- CVE-2026-7259: NULL pointer dereference in `php_mb_check_encoding()` via `mb_ereg_search_init()` can lead to a denial
  of service (bsc#1264773).
- CVE-2026-7261: use-after-free due to incorrectly handled persistence of handler objects when SOAP_PERSISTENCE_SESSION
  is configured can lead to memory corruption, information disclosure and process crashes (bsc#1264772).
- CVE-2026-7262: NULL pointer dereference caused by mistake in the SOAP decoding process when a typemap is configured
  can lead to a denial of service (bsc#1264771).
- CVE-2026-7263: incorrect processing of XML data in the `DOMNode: C14N()` method can lead to an infinite loop and a
  denial of service (bsc#1264770).
- CVE-2026-7568: integer overflow in the `metaphone` function can lead to undefined behavior and affect the availability
  of the PHPprocess (bsc#1264769).

Other updates:

- Updated to 8.4.21.