[CLSA-2026:1779441274] Fix of 5 CVEs
Type: security
Severity: Critical
Release date: 2026-05-22 09:14:38 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys
  - debian/patches/php-7.4-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to ZVAL_PTR_DTOR.
  - CVE-2026-6722
* SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element
  - debian/patches/php-7.4-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue).
  - CVE-2026-7262
* SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri
  - debian/patches/php-7.4-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc.request_uri with php_escape_html_entities_ex() and fix the broken "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag constants evaluates to 0). Adapted to 7.x layout (struct access "proc.X", single encode flag, older 6-arg php_escape_html_entities_ex signature).
  - CVE-2026-6735
* SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set
  - debian/patches/php-7.4-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call sites in PHP_METHOD(SoapServer, handle) with "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)".
  - CVE-2026-7261
* SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input
  - debian/patches/php-7.4-CVE-2026-7568.patch: backport upstream commit 47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's how_far/idx from int to size_t to avoid signed overflow while walking strings larger than 2 GB on 64-bit builds.
  - CVE-2026-7568
Updated packages:
  • alt-php74_7.4.33-55_amd64.deb
    sha:9e6d117759d99c9c11c76049e2fe0126c0ff95de
  • alt-php74-bcmath_7.4.33-55_amd64.deb
    sha:924f1b8f2b2881832117f7a18558f2ab2ec542d7
  • alt-php74-cli_7.4.33-55_amd64.deb
    sha:44ee5992d60e11e94d8813fd2577cb8b7a164260
  • alt-php74-common_7.4.33-55_amd64.deb
    sha:a715c29e044fc934ca783db66014c6f508811a78
  • alt-php74-dba_7.4.33-55_amd64.deb
    sha:64f3d1c0b9e2b8cda8fe35b20adb7aee19442f70
  • alt-php74-dev_7.4.33-55_amd64.deb
    sha:73820cb3d09f01afd15f09c699833ee7e4c807c9
  • alt-php74-enchant_7.4.33-55_amd64.deb
    sha:36112f25c5d325dc8bf2735f95a299805489bf56
  • alt-php74-firebird_7.4.33-55_amd64.deb
    sha:2a3750b16747af9f81b1ef05351c36dacd68597c
  • alt-php74-fpm_7.4.33-55_amd64.deb
    sha:7a04a613ea2272e3ccaf0690de16a4247dd905e7
  • alt-php74-gd_7.4.33-55_amd64.deb
    sha:22e23da8d2f23dae7f48fc6c5cac6564b5c12f1e
  • alt-php74-imap_7.4.33-55_amd64.deb
    sha:61046c2b1eb05ce6a162f39824fc697f95bdb9df
  • alt-php74-intl_7.4.33-55_amd64.deb
    sha:f731db78a528cd9e755011f57585ea7adb1fa928
  • alt-php74-ldap_7.4.33-55_amd64.deb
    sha:9216f783dd041eb9abca85473c0ef96ac0dfb281
  • alt-php74-mbstring_7.4.33-55_amd64.deb
    sha:6840afc19a051ac998bf85d93b06093268d6cbce
  • alt-php74-mysqlnd_7.4.33-55_amd64.deb
    sha:156f25980bc06f6f8f8c170c0b07d7d29820b1ff
  • alt-php74-odbc_7.4.33-55_amd64.deb
    sha:b05be8643cfbec0a60f109e381f6b1cbcff8283f
  • alt-php74-opcache_7.4.33-55_amd64.deb
    sha:b13cfa1804d675c0934a07d7e590c70cabbd41e6
  • alt-php74-pdo_7.4.33-55_amd64.deb
    sha:0576b7021bff88a20398cf32f198875309954e3e
  • alt-php74-pgsql_7.4.33-55_amd64.deb
    sha:4b514cfad59fbd422f84db05a2ea3bb1e943880f
  • alt-php74-process_7.4.33-55_amd64.deb
    sha:312cf38bf5d8a3c02172ffce8f89ece20bafb46c
  • alt-php74-pspell_7.4.33-55_amd64.deb
    sha:bd092e150d00daebfd10768ddb8718793473101d
  • alt-php74-snmp_7.4.33-55_amd64.deb
    sha:e77cd58b172ff4f4f0f8391cdaed7b4ba458cc4f
  • alt-php74-soap_7.4.33-55_amd64.deb
    sha:4396ec6e059de6c8346912bcc8e0ffb210790341
  • alt-php74-sodium_7.4.33-55_amd64.deb
    sha:c698d2e91d3e075d2eadf9641b8420cf1dd4b4af
  • alt-php74-tidy_7.4.33-55_amd64.deb
    sha:23127385ba2544cb1155479895d58224427eca3b
  • alt-php74-xml_7.4.33-55_amd64.deb
    sha:56a0e9358c5db9c3164b298483dc7124b58fc3a9
  • alt-php74-xmlrpc_7.4.33-55_amd64.deb
    sha:41b4292a942957296237143ad679107c0081fe38
  • alt-php74_7.4.33-55_arm64.deb
    sha:6c214632f50303b89c98b4a9ab42082f89312a56
  • alt-php74-bcmath_7.4.33-55_arm64.deb
    sha:344977c23af9488f0db2d7320f48962977559fbf
  • alt-php74-cli_7.4.33-55_arm64.deb
    sha:ebbcc1ef26d1f5a7296c57feb46b2794fe457864
  • alt-php74-common_7.4.33-55_arm64.deb
    sha:6c1418fdfd95d3f8e88f079cfe836a34eac094cd
  • alt-php74-dba_7.4.33-55_arm64.deb
    sha:3d7704880018b07a798020c280e319d0c0795f3d
  • alt-php74-dev_7.4.33-55_arm64.deb
    sha:b375d656d3825e13fc33e7780989306857ffa40b
  • alt-php74-enchant_7.4.33-55_arm64.deb
    sha:1ec634054c35aeb7ad72748bc0521177867e9070
  • alt-php74-firebird_7.4.33-55_arm64.deb
    sha:4d6784cb93795907b140aedc59337cf1d405548b
  • alt-php74-fpm_7.4.33-55_arm64.deb
    sha:6d3ec6382becf600834219a4d2ac128383111377
  • alt-php74-gd_7.4.33-55_arm64.deb
    sha:31eca29bc379b893899a34d05823c178b3a36e57
  • alt-php74-imap_7.4.33-55_arm64.deb
    sha:609f9eea72aed6565cba95e7a56fcfcf5bc02fab
  • alt-php74-intl_7.4.33-55_arm64.deb
    sha:5186c948289b71cf27c5b70396fa3b55f490cfc9
  • alt-php74-ldap_7.4.33-55_arm64.deb
    sha:ebd6a57badd26f954bdb4242d54f588065fba0f8
  • alt-php74-mbstring_7.4.33-55_arm64.deb
    sha:f64ffcfcec55924e76fbf7183a699feb9f5d2d89
  • alt-php74-mysqlnd_7.4.33-55_arm64.deb
    sha:d81167069410081cfb600d1669a4965f529038cf
  • alt-php74-odbc_7.4.33-55_arm64.deb
    sha:c6b0231e2c4bdda91b7fd25dbd3af486a2402f90
  • alt-php74-opcache_7.4.33-55_arm64.deb
    sha:f0860d06ebc31c9a48c012747e9b4796caf06512
  • alt-php74-pdo_7.4.33-55_arm64.deb
    sha:a0aa2fc6a51a9305b38fe8045a7a7ace97d9af4b
  • alt-php74-pgsql_7.4.33-55_arm64.deb
    sha:d8b2c02b527f61926a53b9b529f1416f4d18d0d0
  • alt-php74-process_7.4.33-55_arm64.deb
    sha:4c466a61bdb0d4ae51d8e28176cbe6d53051de23
  • alt-php74-pspell_7.4.33-55_arm64.deb
    sha:52e0315ea72e323a453ced1fbeb497af21db91e1
  • alt-php74-snmp_7.4.33-55_arm64.deb
    sha:a63aed695bfb6767f77e301aee73f0cd7c2b1cb8
  • alt-php74-soap_7.4.33-55_arm64.deb
    sha:2f412d2ed70c07f992637169b5de916b8be368cc
  • alt-php74-sodium_7.4.33-55_arm64.deb
    sha:40b2e85aab0f6dc7cc415f36d8aca50c3c1afc31
  • alt-php74-tidy_7.4.33-55_arm64.deb
    sha:fd8731f4639e1f99b3742b3aea8cf26d744a90b0
  • alt-php74-xml_7.4.33-55_arm64.deb
    sha:da993dc754ceb85679b1810a06585bc70717bacd
  • alt-php74-xmlrpc_7.4.33-55_arm64.deb
    sha:3059ff2aead79f3c733ccdcb8aacb039955a0c51
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.