[CLSA-2026:1779442184] Fix of 5 CVEs
Type: security
Severity: Critical
Release date: 2026-05-22 09:29:54 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys
  - debian/patches/php-7.1-CVE-2026-6722.patch: backport upstream commit
    aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on
    soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to
    ZVAL_PTR_DTOR.
  - CVE-2026-6722
* SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item
  missing element
  - debian/patches/php-7.1-CVE-2026-7262.patch: backport upstream commit
    79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in
    to_zval_map() (was checking xmlKey, should check xmlValue).
  - CVE-2026-7262
* SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri
  - debian/patches/php-7.1-CVE-2026-6735.patch: backport upstream commit
    99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc.request_uri with
    php_escape_html_entities_ex() and fix the broken
    "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag
    constants evaluates to 0). Adapted to 7.x layout (struct access "proc.X",
    single encode flag, older 6-arg php_escape_html_entities_ex signature).
  - CVE-2026-6735
* SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure
  when SOAP_PERSISTENCE_SESSION is set
  - debian/patches/php-7.1-CVE-2026-7261.patch: backport upstream commit
    db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call
    sites in PHP_METHOD(SoapServer, handle) with
    "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)".
  - CVE-2026-7261
* SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input
  - debian/patches/php-7.1-CVE-2026-7568.patch: backport upstream commit
    47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's
    how_far/idx from int to size_t to avoid signed overflow while walking
    strings larger than 2 GB on 64-bit builds.
  - CVE-2026-7568
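The CVE-2026-6735 entry above names two defects: a field written without HTML escaping, and an escaper flag built with `&` instead of `|`. The following C sketch is an added example, not code from PHP or from the patch; the escaper, the `ESC_*` flag names and values, and the sample URI are constructed stand-ins that only model how an AND of two distinct flag bits silently selects "no options".

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-ins for escaper options: one bit per option. */
#define ESC_QUOTE_DOUBLE  2u
#define ESC_IGNORE_ERRORS 4u

/* AND of two different single-bit flags is always 0; OR sets both. */
unsigned flags_broken(void) { return ESC_IGNORE_ERRORS & ESC_QUOTE_DOUBLE; }
unsigned flags_fixed(void)  { return ESC_IGNORE_ERRORS | ESC_QUOTE_DOUBLE; }

/* HTML-escape `in` into `out`; returns bytes written, or -1 if `out` is too small. */
long escape_html(const char *in, unsigned flags, char *out, size_t cap)
{
    size_t len = 0;
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep = one;
        if (*in == '&')      rep = "&amp;";
        else if (*in == '<') rep = "&lt;";
        else if (*in == '>') rep = "&gt;";
        else if (*in == '"' && (flags & ESC_QUOTE_DOUBLE)) rep = "&quot;";
        size_t n = strlen(rep);
        if (len + n + 1 > cap) return -1;   /* keep room for the terminator */
        memcpy(out + len, rep, n);
        len += n;
    }
    if (cap == 0) return -1;
    out[len] = '\0';
    return (long)len;
}

int main(void)
{
    /* Constructed request URI carrying markup, as a status page might record it. */
    const char *uri = "/index.php?q=\"><b>x</b>";
    char buf[128];

    escape_html(uri, flags_broken(), buf, sizeof buf);
    printf("flags=%u  %s\n", flags_broken(), buf);
    escape_html(uri, flags_fixed(), buf, sizeof buf);
    printf("flags=%u  %s\n", flags_fixed(), buf);
    return 0;
}
```

In this model the AND-built flag word leaves the double quote unescaped even though the escaper is called, which is why a flag expression deserves its own review alongside the missing escape call.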
Updated packages:
  • alt-php71_7.1.33-90_amd64.deb
    sha:31dc893f2196fa5a58c69aaafc3ebe324342c301
  • alt-php71-bcmath_7.1.33-90_amd64.deb
    sha:442f8b202f6a2d2997af8bb370675180f6c9f6b2
  • alt-php71-cli_7.1.33-90_amd64.deb
    sha:5aa2ec93fe344a22a099de2ba78ee2611e45178f
  • alt-php71-common_7.1.33-90_amd64.deb
    sha:19d4b7ed036b74e99a582c3c3702fb0a43836bd1
  • alt-php71-dba_7.1.33-90_amd64.deb
    sha:4900a700b8d1c9de82fd6b7aef992815d76da99f
  • alt-php71-dev_7.1.33-90_amd64.deb
    sha:76b503857968fb770fe59563e8bbb93a681a48a6
  • alt-php71-enchant_7.1.33-90_amd64.deb
    sha:9171cd5cfb250e9683e01a6ab53493a8d4ce53c8
  • alt-php71-firebird_7.1.33-90_amd64.deb
    sha:756058b71862c87ba676fdcce7a1acb7de9039fb
  • alt-php71-fpm_7.1.33-90_amd64.deb
    sha:4cbf9af7d6f0928f7fd730ecc7ffafb837510a32
  • alt-php71-gd_7.1.33-90_amd64.deb
    sha:89c3e6a7bee202922b297efec54227ecbca7c5ef
  • alt-php71-imap_7.1.33-90_amd64.deb
    sha:bf49494383669ab7135b0628785a87c83f08a70c
  • alt-php71-intl_7.1.33-90_amd64.deb
    sha:ee1bc5370769aff4013d0c69e078b2df020181ee
  • alt-php71-ldap_7.1.33-90_amd64.deb
    sha:e9e2724d70d9fb5ada16e5284c2746f12c31f153
  • alt-php71-mbstring_7.1.33-90_amd64.deb
    sha:96b117fd7cf329413f4e051b80ffb10f205f9443
  • alt-php71-mcrypt_7.1.33-90_amd64.deb
    sha:c67005b21125b4fe283cb11bec14027de6633b90
  • alt-php71-mysqlnd_7.1.33-90_amd64.deb
    sha:8c0dede9598e04fc044c3ea05179cee7c2749371
  • alt-php71-odbc_7.1.33-90_amd64.deb
    sha:e4e6f67f42854b7c4f26a7f573a6c1538cfa2117
  • alt-php71-opcache_7.1.33-90_amd64.deb
    sha:95a2eedcc085da91cd22d968910bcb165d5f8295
  • alt-php71-pdo_7.1.33-90_amd64.deb
    sha:b5a07a78eaf40778f9279b65e787cdf6ad215a8d
  • alt-php71-pgsql_7.1.33-90_amd64.deb
    sha:cfe9346fc9f2c5f209bb485c379f472f4e05637f
  • alt-php71-process_7.1.33-90_amd64.deb
    sha:b45db33e84f2aec20d5a29f30b388213f6b53a34
  • alt-php71-pspell_7.1.33-90_amd64.deb
    sha:89353900c21ab40af55e828f6cff6347b4ebda86
  • alt-php71-recode_7.1.33-90_amd64.deb
    sha:dd7734efeee3115f2ce2dcf7c84f96e013e51c13
  • alt-php71-snmp_7.1.33-90_amd64.deb
    sha:3615f4b4be955c6d20fad72ab8852028b9b927f2
  • alt-php71-soap_7.1.33-90_amd64.deb
    sha:c7fd5c712c73b2006dcb6f54f306071164638349
  • alt-php71-tidy_7.1.33-90_amd64.deb
    sha:aebf39d444b42ec7997e66747b348d2ffb16b0ae
  • alt-php71-xml_7.1.33-90_amd64.deb
    sha:bada4bbb81bfcc631e673ed1e4a9b65272f0409c
  • alt-php71-xmlrpc_7.1.33-90_amd64.deb
    sha:e017140345953ae43c17b7f630dcd809fd07cccd
  • alt-php71_7.1.33-90_arm64.deb
    sha:3bfb088b834494256e1810d97b21519b035ac9bb
  • alt-php71-bcmath_7.1.33-90_arm64.deb
    sha:0c45209381a8c99af4951a334abc1c705e6ef9e9
  • alt-php71-cli_7.1.33-90_arm64.deb
    sha:344e20a1f2b0fb88a5e4bd6f2cd7376c2ea0e9d7
  • alt-php71-common_7.1.33-90_arm64.deb
    sha:05581c1e859066cfaed2bc0b345b032cf2e4b9b7
  • alt-php71-dba_7.1.33-90_arm64.deb
    sha:cd3799c95a0b13d5550d7d9b77a5874b73d0e434
  • alt-php71-dev_7.1.33-90_arm64.deb
    sha:241baf355df2b742012d064f75060893d4ea5acf
  • alt-php71-enchant_7.1.33-90_arm64.deb
    sha:9ef40bcd8c89d8af20a96648b0f1a19446f8da45
  • alt-php71-firebird_7.1.33-90_arm64.deb
    sha:6664eb25ae8096c214d0e8d5121389d150585fb9
  • alt-php71-fpm_7.1.33-90_arm64.deb
    sha:390016057824d9743bcf158fc02c451b27364d93
  • alt-php71-gd_7.1.33-90_arm64.deb
    sha:c8797e426747dafe5236af684718f63ad1995329
  • alt-php71-imap_7.1.33-90_arm64.deb
    sha:4d13856d6c16dc583442c47611f0e50379e8803c
  • alt-php71-intl_7.1.33-90_arm64.deb
    sha:a7bca725e500c41ce42a5d2f267401cadeb9aeb1
  • alt-php71-ldap_7.1.33-90_arm64.deb
    sha:e1269663ce79c5ee68e47f0f9e961ba38d5f3b0c
  • alt-php71-mbstring_7.1.33-90_arm64.deb
    sha:2abb9a4e92749d1d71b51f85b81751f9ab1f4e09
  • alt-php71-mcrypt_7.1.33-90_arm64.deb
    sha:a405bbc481b66824eea0c0f34b5b9a832c88cd19
  • alt-php71-mysqlnd_7.1.33-90_arm64.deb
    sha:ea6922653d6c953079587ae7670ee45a6c22e8ce
  • alt-php71-odbc_7.1.33-90_arm64.deb
    sha:319180bbfd57e6f459af01c6c27be4103dcae732
  • alt-php71-opcache_7.1.33-90_arm64.deb
    sha:ef20c96be51eb5959ec60557c280bd5e2f3e642b
  • alt-php71-pdo_7.1.33-90_arm64.deb
    sha:63c658fadd58d96a35aaf3a6d3cbc5ac8035d357
  • alt-php71-pgsql_7.1.33-90_arm64.deb
    sha:e2756521c931084ba6b87b235e297ec245718e00
  • alt-php71-process_7.1.33-90_arm64.deb
    sha:d36984623963d0808633b535e50789a0ebb96010
  • alt-php71-pspell_7.1.33-90_arm64.deb
    sha:e75797428e4e8ce369c4161ff9a9ba16c23646bb
  • alt-php71-recode_7.1.33-90_arm64.deb
    sha:7fcc7b357bfcde333fc6eb8c807dce857eb8c723
  • alt-php71-snmp_7.1.33-90_arm64.deb
    sha:2303bad0fc14393de45a3abfc02796cece9135eb
  • alt-php71-soap_7.1.33-90_arm64.deb
    sha:708049727f63602c9a254466c0dc395fe1dcd466
  • alt-php71-tidy_7.1.33-90_arm64.deb
    sha:e454f49cc1611ce5f7636ca8991d30ac5a31b06d
  • alt-php71-xml_7.1.33-90_arm64.deb
    sha:981fb043a2df4263289fbd5ebd9eb854a4be7e56
  • alt-php71-xmlrpc_7.1.33-90_arm64.deb
    sha:86a27e24d16b3f488264e7a95466c00b11cb64a0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.