[CLSA-2026:1779441730] Fix of 5 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-22 09:22:15 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys - debian/patches/php-7.2-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to ZVAL_PTR_DTOR. - CVE-2026-6722 * SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element - debian/patches/php-7.2-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue). - CVE-2026-7262 * SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri - debian/patches/php-7.2-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc.request_uri with php_escape_html_entities_ex() and fix the broken "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag constants evaluates to 0). Adapted to 7.x layout (struct access "proc.X", single encode flag, older 6-arg php_escape_html_entities_ex signature). - CVE-2026-6735 * SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set - debian/patches/php-7.2-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call sites in PHP_METHOD(SoapServer, handle) with "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)". - CVE-2026-7261 * SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input - debian/patches/php-7.2-CVE-2026-7568.patch: backport upstream commit 47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's how_far/idx from int to size_t to avoid signed overflow while walking strings larger than 2 GB on 64-bit builds. - CVE-2026-7568
Updated packages:
  • alt-php72_7.2.34-74_amd64.deb
    sha:141487388cbb44860374fb225f7783bfa5f68a44
  • alt-php72-bcmath_7.2.34-74_amd64.deb
    sha:a79ada3f4f98ece7614e8713653b529dbee6f44c
  • alt-php72-cli_7.2.34-74_amd64.deb
    sha:16e84aa12f5695bf9e148e573ee436dc036bcfea
  • alt-php72-common_7.2.34-74_amd64.deb
    sha:b5c5cccea4b56d0394d0948b95f9fc198706382b
  • alt-php72-dba_7.2.34-74_amd64.deb
    sha:62c8d6ee85ae1d7c47927401186abd50fdd284c8
  • alt-php72-dev_7.2.34-74_amd64.deb
    sha:18b830cc4eb26e88c5e50b810787ad2917cb84ac
  • alt-php72-enchant_7.2.34-74_amd64.deb
    sha:00b20c44cb394f8ee87f4ce667f683119fb1f3eb
  • alt-php72-firebird_7.2.34-74_amd64.deb
    sha:0849f610f47da7f739ea1f3cdc9ff4f412c8d731
  • alt-php72-fpm_7.2.34-74_amd64.deb
    sha:58780232406617b71d512e1b6831ab13c38a6534
  • alt-php72-gd_7.2.34-74_amd64.deb
    sha:db729cbff907834feec7b77c7690259805a1e0ec
  • alt-php72-imap_7.2.34-74_amd64.deb
    sha:411ac1cfcb523d13edf652797485302ceeb39d7e
  • alt-php72-intl_7.2.34-74_amd64.deb
    sha:e099cdf9caeea1fd4822155d133ab1ad6baa2f5e
  • alt-php72-ldap_7.2.34-74_amd64.deb
    sha:0a3d83f307c4d21ce9898ba9cc92907c5b7cda8f
  • alt-php72-mbstring_7.2.34-74_amd64.deb
    sha:d1768289c49fd5b0e91fd48811741e62099443e7
  • alt-php72-mysqlnd_7.2.34-74_amd64.deb
    sha:6eb7b0c8094bc43f8edfae2df8785a7260a874e3
  • alt-php72-odbc_7.2.34-74_amd64.deb
    sha:00911136ef1c2e4a6d66d440b566c84ffdbf8e67
  • alt-php72-opcache_7.2.34-74_amd64.deb
    sha:1be0776d4c8e7ee239c8c29a153290a282f9fff6
  • alt-php72-pdo_7.2.34-74_amd64.deb
    sha:e388067a56cc8e8ac30a110e15aab0f15b8681be
  • alt-php72-pgsql_7.2.34-74_amd64.deb
    sha:91f1bf99f3797fe348e96a31f08051c26ff9ba7d
  • alt-php72-process_7.2.34-74_amd64.deb
    sha:95bac2349c08b4f8f757b28bc45fdb4b56747030
  • alt-php72-pspell_7.2.34-74_amd64.deb
    sha:64e12ba8369eb3cb5a945f7b4b68651001afa686
  • alt-php72-recode_7.2.34-74_amd64.deb
    sha:792e3f9bd9ef242aff9edd0ecb848885ef59d935
  • alt-php72-snmp_7.2.34-74_amd64.deb
    sha:1119a5d06bd84805d8c080bc2f85717b1905ec66
  • alt-php72-soap_7.2.34-74_amd64.deb
    sha:1e04ef811554d3dc1b8829e40dc6700b6b911569
  • alt-php72-sodium_7.2.34-74_amd64.deb
    sha:a61e97bf94fc182bb50cf79a3783241ea9a60994
  • alt-php72-tidy_7.2.34-74_amd64.deb
    sha:1ee5243bcc0ce3ad6ed7bd7796ef07bc79912028
  • alt-php72-xml_7.2.34-74_amd64.deb
    sha:86193430010a7f8fb78e2626c30acc8064730162
  • alt-php72-xmlrpc_7.2.34-74_amd64.deb
    sha:dee1156384225e958055b1af93db1dd2dcaf4371
  • alt-php72_7.2.34-74_arm64.deb
    sha:3595a49f1ed39efa39b6b29fe779a46fca9a1fdf
  • alt-php72-bcmath_7.2.34-74_arm64.deb
    sha:b2e2dfdcaa09f621b102220fd078913ec30b7664
  • alt-php72-cli_7.2.34-74_arm64.deb
    sha:fc221b601326b51b9ad26fd695035b91f2c1c7eb
  • alt-php72-common_7.2.34-74_arm64.deb
    sha:3c4565e808d0df5fa78bd434b0c36926f2b36c7a
  • alt-php72-dba_7.2.34-74_arm64.deb
    sha:67a273558aaac620e66e8a4881ca1c985018c6b0
  • alt-php72-dev_7.2.34-74_arm64.deb
    sha:f6be015862dbd95c7daa404c4c5cd51c1009d9b9
  • alt-php72-enchant_7.2.34-74_arm64.deb
    sha:157ce0f454c583ddf39d15ec7d2fff4766ba0bf4
  • alt-php72-firebird_7.2.34-74_arm64.deb
    sha:ed420a3ccaacfc72bb1ab82d495d50563eb9bf43
  • alt-php72-fpm_7.2.34-74_arm64.deb
    sha:9491047662bcb3bd5f08dc10f07d52be7dba7f4e
  • alt-php72-gd_7.2.34-74_arm64.deb
    sha:503c82f1209cb7014f9f72b4b9c98faaabad1a5c
  • alt-php72-imap_7.2.34-74_arm64.deb
    sha:28ae8043796fbdee68848aa93509dc4f2a0b3ff6
  • alt-php72-intl_7.2.34-74_arm64.deb
    sha:a5a29c8415254c4f55b0bf63de49d16844950147
  • alt-php72-ldap_7.2.34-74_arm64.deb
    sha:1c124c00cd0e80648eaab72f00e7c1841060ec0d
  • alt-php72-mbstring_7.2.34-74_arm64.deb
    sha:83c1727ad5d44ad5821c3897b9069d1fe4533c53
  • alt-php72-mysqlnd_7.2.34-74_arm64.deb
    sha:84bc9c50a0a9d692220971289b35c882918a9b1e
  • alt-php72-odbc_7.2.34-74_arm64.deb
    sha:4ce04957885c63fa903e1faf27378893e09f055e
  • alt-php72-opcache_7.2.34-74_arm64.deb
    sha:304e24e4979a41330343bfc47772b8f48dde1a9b
  • alt-php72-pdo_7.2.34-74_arm64.deb
    sha:6c8f0d33088ec990bfa1d41aa69bfc350bea7646
  • alt-php72-pgsql_7.2.34-74_arm64.deb
    sha:c3066188b573e9fcf752dfad2210f073dcd137a1
  • alt-php72-process_7.2.34-74_arm64.deb
    sha:4638d448e280cba75709f5002c66246fb664aeef
  • alt-php72-pspell_7.2.34-74_arm64.deb
    sha:2a0f1d2cc246d433c2ce4cb90d2b574a488b4c9f
  • alt-php72-recode_7.2.34-74_arm64.deb
    sha:f6e3e428b691d1d6b113eaa3068458f0a240b15c
  • alt-php72-snmp_7.2.34-74_arm64.deb
    sha:28eb4451d6d1729f40d6864abce5be6332fbefd6
  • alt-php72-soap_7.2.34-74_arm64.deb
    sha:4e8f3ea24d839575d5428418e58524ea84956a51
  • alt-php72-sodium_7.2.34-74_arm64.deb
    sha:90b1bec65ca0b31240863e7a90fec087c940e2fa
  • alt-php72-tidy_7.2.34-74_arm64.deb
    sha:c5b9ada05c84b6879969472d555f997f82c7151c
  • alt-php72-xml_7.2.34-74_arm64.deb
    sha:2b254488bf78725876713aa923d507f7ea759f86
  • alt-php72-xmlrpc_7.2.34-74_arm64.deb
    sha:304240b69ce4b2cacb9be41ebe896721c6343a7a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.