[CLSA-2026:1779443755] Fix of 5 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-22 09:56:01 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys - debian/patches/php-7.3-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to ZVAL_PTR_DTOR. - CVE-2026-6722 * SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element - debian/patches/php-7.3-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue). - CVE-2026-7262 * SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri - debian/patches/php-7.3-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc.request_uri with php_escape_html_entities_ex() and fix the broken "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag constants evaluates to 0). Adapted to 7.x layout (struct access "proc.X", single encode flag, older 6-arg php_escape_html_entities_ex signature). - CVE-2026-6735 * SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set - debian/patches/php-7.3-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call sites in PHP_METHOD(SoapServer, handle) with "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)". - CVE-2026-7261 * SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input - debian/patches/php-7.3-CVE-2026-7568.patch: backport upstream commit 47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's how_far/idx from int to size_t to avoid signed overflow while walking strings larger than 2 GB on 64-bit builds. - CVE-2026-7568
Updated packages:
  • alt-php73_7.3.33-59_amd64.deb
    sha:1449f83159a3887fd47ee8a8c9c804483a22c78b
  • alt-php73-bcmath_7.3.33-59_amd64.deb
    sha:6a7430d2bd3bef8cbc88c69c940f9ff0ffd797b9
  • alt-php73-cli_7.3.33-59_amd64.deb
    sha:43bb82123369970d12a7295a85abf5ffc9d91989
  • alt-php73-common_7.3.33-59_amd64.deb
    sha:b4c915917140c8b3dc7c9a38f7fec3ad210c094e
  • alt-php73-dba_7.3.33-59_amd64.deb
    sha:fe58c863a041a9470a7b1d9a4a4f727c0b7f0a07
  • alt-php73-dev_7.3.33-59_amd64.deb
    sha:87a498ba1642d0e762b820c02d5fbe31ce82de18
  • alt-php73-enchant_7.3.33-59_amd64.deb
    sha:5d3a52143469667544361e01585e85755324c900
  • alt-php73-firebird_7.3.33-59_amd64.deb
    sha:fd9a0eb6ef10ee6a78ef3339dd026bc4ce447b2f
  • alt-php73-fpm_7.3.33-59_amd64.deb
    sha:16ea9c6cd0fa7a2cb428c940d536ed40ee458342
  • alt-php73-gd_7.3.33-59_amd64.deb
    sha:3cc5eda6af70c2ce747d1540436d657014f087cb
  • alt-php73-imap_7.3.33-59_amd64.deb
    sha:05c80e954d35b819baa3812f4cd2ae64ffd201db
  • alt-php73-intl_7.3.33-59_amd64.deb
    sha:e889b9bac51f9b3884856de2c59c9c62c1153d15
  • alt-php73-ldap_7.3.33-59_amd64.deb
    sha:d858bd4a382b3e1d7f849637283ca8ae8e00e2c7
  • alt-php73-mbstring_7.3.33-59_amd64.deb
    sha:d7c9716013d54276576591fdaf0768062ea87494
  • alt-php73-mysqlnd_7.3.33-59_amd64.deb
    sha:34daf4bad9e0c4b7e81c8edeca73136f732d8198
  • alt-php73-odbc_7.3.33-59_amd64.deb
    sha:8afcdaf5ffe24a48d84de400605d6c5fd75da645
  • alt-php73-opcache_7.3.33-59_amd64.deb
    sha:08a221a6b4a787c68cb9812fe0192104cbc14688
  • alt-php73-pdo_7.3.33-59_amd64.deb
    sha:49e38cd1997574fd52d2270b727d52109f4abf17
  • alt-php73-pgsql_7.3.33-59_amd64.deb
    sha:cbbb1ee0bc57eac335c02f28b7a50c2a1fbe03c6
  • alt-php73-process_7.3.33-59_amd64.deb
    sha:6ceee5948a318141e6c06683d6056bd251677c80
  • alt-php73-pspell_7.3.33-59_amd64.deb
    sha:3397be14524a44fb0ee90fc504092ccf6333122b
  • alt-php73-recode_7.3.33-59_amd64.deb
    sha:5928e04d2045dfd4e43522d98217de19c3ed1aae
  • alt-php73-snmp_7.3.33-59_amd64.deb
    sha:94e75cb1d73ecbe566019d44224bc821139bf4e1
  • alt-php73-soap_7.3.33-59_amd64.deb
    sha:7fc0b49cfc776815f68dbfe9deda9fdeb4eaf95c
  • alt-php73-sodium_7.3.33-59_amd64.deb
    sha:483570c9cf982d6c67285c17a4dedc59abdb6cb2
  • alt-php73-tidy_7.3.33-59_amd64.deb
    sha:9d2db30b26035a46e3f930f8cf3d389ca2fa1d96
  • alt-php73-xml_7.3.33-59_amd64.deb
    sha:74f80b5dd1ae666a6593c3f70569c007635f42e1
  • alt-php73-xmlrpc_7.3.33-59_amd64.deb
    sha:65713021a7b485f5a8d7029a7877fd0251cecf8d
  • alt-php73_7.3.33-59_arm64.deb
    sha:982784dc9b09f93d58f3e1785a7acddcd89c39c4
  • alt-php73-bcmath_7.3.33-59_arm64.deb
    sha:f0b1d1d3361a53c6a0bf63b1488e0ad184b4f712
  • alt-php73-cli_7.3.33-59_arm64.deb
    sha:12de9848765cf540fe8a30dd0b7d6056d59f018e
  • alt-php73-common_7.3.33-59_arm64.deb
    sha:ca3af331ced21e5323eb97c6cc5f6e3ff455358d
  • alt-php73-dba_7.3.33-59_arm64.deb
    sha:ed4c5c25fe317b387bb9e15ec3157bccf98dfaed
  • alt-php73-dev_7.3.33-59_arm64.deb
    sha:a45f7c1194c219fb5fd74028df3078e7565bd126
  • alt-php73-enchant_7.3.33-59_arm64.deb
    sha:40d251c18130ca3a713506238d2ca33d78541db9
  • alt-php73-firebird_7.3.33-59_arm64.deb
    sha:02143a2db230d77f7b76f5e5be9e7c612e3da668
  • alt-php73-fpm_7.3.33-59_arm64.deb
    sha:9a721988b48ec6550ba4b2270f82f8c275ca7660
  • alt-php73-gd_7.3.33-59_arm64.deb
    sha:ed50edc006d6e1625ddd67c32c97ba893784c62f
  • alt-php73-imap_7.3.33-59_arm64.deb
    sha:a055c221458f6ead3df1b20097f1377c64002292
  • alt-php73-intl_7.3.33-59_arm64.deb
    sha:85a74eeb6ba8af0eab4a9d12f80fac41653ab5cb
  • alt-php73-ldap_7.3.33-59_arm64.deb
    sha:317f44f13dacd08978f59fd74eb8e20e7b1c88d7
  • alt-php73-mbstring_7.3.33-59_arm64.deb
    sha:eebc9b93e8eb2db5cdbfbe7e7ba97de88b32a911
  • alt-php73-mysqlnd_7.3.33-59_arm64.deb
    sha:9386ff17b63125ba5f1f469429d8d55a778cd283
  • alt-php73-odbc_7.3.33-59_arm64.deb
    sha:15716a85c50eb5133a205da689e142ca833bcd05
  • alt-php73-opcache_7.3.33-59_arm64.deb
    sha:63f5405fd80baafc876b1339540fc1b3d19de2a5
  • alt-php73-pdo_7.3.33-59_arm64.deb
    sha:9799841d32011026bda687ba30da607a2cf48d39
  • alt-php73-pgsql_7.3.33-59_arm64.deb
    sha:9bed19d1a16b0408725ee6497490a905cb9b4c64
  • alt-php73-process_7.3.33-59_arm64.deb
    sha:5530c1f2dbbb9b9bb8923c3312bc730a992a8de6
  • alt-php73-pspell_7.3.33-59_arm64.deb
    sha:f3084cba7147efb9676b79a84c2ea10d2c9de51e
  • alt-php73-recode_7.3.33-59_arm64.deb
    sha:bda2c70f7313a7d05fec9e12e7944ca623f52cee
  • alt-php73-snmp_7.3.33-59_arm64.deb
    sha:8c15c0044656b2471b52aa4c5b8e4994a4f950f9
  • alt-php73-soap_7.3.33-59_arm64.deb
    sha:ce93aecd817b02bb3fcdb9ac9c22ad7e18bf3302
  • alt-php73-sodium_7.3.33-59_arm64.deb
    sha:b780ef37f28892f77acd642c75ee5922334262da
  • alt-php73-tidy_7.3.33-59_arm64.deb
    sha:7ae720a2fe3662c0f83ed6520e0701a0225e4d80
  • alt-php73-xml_7.3.33-59_arm64.deb
    sha:758ccfb872ac3b0b0cb2f64701f115eea471f85e
  • alt-php73-xmlrpc_7.3.33-59_arm64.deb
    sha:bc98c96530c0f47f8b4fc2240b1af89858d4d80a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.