[CLSA-2026:1779444977] Fix of 5 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-22 10:16:22 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys - debian/patches/php-7.2-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to ZVAL_PTR_DTOR. - CVE-2026-6722 * SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element - debian/patches/php-7.2-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue). - CVE-2026-7262 * SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri - debian/patches/php-7.2-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc.request_uri with php_escape_html_entities_ex() and fix the broken "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag constants evaluates to 0). Adapted to 7.x layout (struct access "proc.X", single encode flag, older 6-arg php_escape_html_entities_ex signature). - CVE-2026-6735 * SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set - debian/patches/php-7.2-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call sites in PHP_METHOD(SoapServer, handle) with "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)". - CVE-2026-7261 * SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input - debian/patches/php-7.2-CVE-2026-7568.patch: backport upstream commit 47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's how_far/idx from int to size_t to avoid signed overflow while walking strings larger than 2 GB on 64-bit builds. - CVE-2026-7568
Updated packages:
  • alt-php72_7.2.34-74_amd64.deb
    sha:141487388cbb44860374fb225f7783bfa5f68a44
  • alt-php72-bcmath_7.2.34-74_amd64.deb
    sha:a938572e000876ad758ebdb0eb6966b0d462173d
  • alt-php72-cli_7.2.34-74_amd64.deb
    sha:a19d0b7786ced9bfa9fb0ad8ac99ed241ad9232a
  • alt-php72-common_7.2.34-74_amd64.deb
    sha:444b8890e83029e484dec890b9641a5f66679136
  • alt-php72-dba_7.2.34-74_amd64.deb
    sha:27bfedaf6cceccb00bd77652a567bdcc5d22898d
  • alt-php72-dev_7.2.34-74_amd64.deb
    sha:ce90ec67994cf9c628326a8230dd200d517feafc
  • alt-php72-enchant_7.2.34-74_amd64.deb
    sha:84aa939f0e9749436fbf1faff5e9f9163abd54c7
  • alt-php72-firebird_7.2.34-74_amd64.deb
    sha:129644d8540be241415ab260e52da04fad0b41d6
  • alt-php72-fpm_7.2.34-74_amd64.deb
    sha:d38dc5c678cb84a8a3bcf3a1828f2c5748debefc
  • alt-php72-gd_7.2.34-74_amd64.deb
    sha:e4cf36b34058a0c10a0206e8e6abd6a2e1e6cba5
  • alt-php72-imap_7.2.34-74_amd64.deb
    sha:51709a3e03ac2f3b73b776842478115a1716ddd9
  • alt-php72-intl_7.2.34-74_amd64.deb
    sha:248f563e6e010f4e05702fb072c050f25efcb05f
  • alt-php72-ldap_7.2.34-74_amd64.deb
    sha:77a240ad54249484fcd8c89f07b0e13176c7ffb6
  • alt-php72-mbstring_7.2.34-74_amd64.deb
    sha:7273f3b34124f7a6f584aed24080066811f28e78
  • alt-php72-mysqlnd_7.2.34-74_amd64.deb
    sha:6d7c46e8e8777405e368cdc30a84cdc019095d95
  • alt-php72-odbc_7.2.34-74_amd64.deb
    sha:03fc805473995d0316446d67df6eb6b8bfcca3a9
  • alt-php72-opcache_7.2.34-74_amd64.deb
    sha:1a45c8d6d846f9648af872caea8bee536c4f91dc
  • alt-php72-pdo_7.2.34-74_amd64.deb
    sha:de86a6f724f851b289fae88cdcc461e6f718fbf3
  • alt-php72-pgsql_7.2.34-74_amd64.deb
    sha:06fc0460e64ae2502a56fe8aeb024e3b5c7dbfea
  • alt-php72-process_7.2.34-74_amd64.deb
    sha:0c0504b3b17dd1d9115b829b05a54f7bdd77c6ee
  • alt-php72-pspell_7.2.34-74_amd64.deb
    sha:f7d713ca16ec95d82c1763b95f34e9a70f406f49
  • alt-php72-recode_7.2.34-74_amd64.deb
    sha:c19f8c761cfb1dd994dc8817230e1bb5207a78d5
  • alt-php72-snmp_7.2.34-74_amd64.deb
    sha:a70f3941ff901855a45713724bf5d0bb4e0103b6
  • alt-php72-soap_7.2.34-74_amd64.deb
    sha:729ab956206d9f6395b137eea39a73a03bab4692
  • alt-php72-sodium_7.2.34-74_amd64.deb
    sha:d0c4df0b58cb97894ee8ad3e111b8f2d01229976
  • alt-php72-tidy_7.2.34-74_amd64.deb
    sha:b147e39a72d39e3d7ab87bdbb569918cd5f63e27
  • alt-php72-xml_7.2.34-74_amd64.deb
    sha:bbc17e9037a1719f3a0bdd9369fcfe5b4982849a
  • alt-php72-xmlrpc_7.2.34-74_amd64.deb
    sha:5b3b641bd278ee86ce0ef01dc64cfb79b3ed3b8e
  • alt-php72_7.2.34-74_arm64.deb
    sha:3595a49f1ed39efa39b6b29fe779a46fca9a1fdf
  • alt-php72-bcmath_7.2.34-74_arm64.deb
    sha:f839f9f6064ce10a03fb5fa05f746e2062fe3487
  • alt-php72-cli_7.2.34-74_arm64.deb
    sha:518541e9c6a114bdcc17f0465f219cd716bc8660
  • alt-php72-common_7.2.34-74_arm64.deb
    sha:3d8a5467b081db1dc3d948afbaba7fd8f866a466
  • alt-php72-dba_7.2.34-74_arm64.deb
    sha:142e4340f4db9299bd82ad4d15fbbe3426c1129d
  • alt-php72-dev_7.2.34-74_arm64.deb
    sha:35e193bf2fbfdd9fd83b7a95f548c6853caeeee5
  • alt-php72-enchant_7.2.34-74_arm64.deb
    sha:ac25b7049a69663a21deabe76c0ab3d963c860c3
  • alt-php72-firebird_7.2.34-74_arm64.deb
    sha:70e4a464840ced6ec5177cb0ecbb9337f039c7cb
  • alt-php72-fpm_7.2.34-74_arm64.deb
    sha:7504e4c92e44745496d349ffa146c2c97e8c9caa
  • alt-php72-gd_7.2.34-74_arm64.deb
    sha:d3ee6525060a89caa2e7203289fac1c9ef301083
  • alt-php72-imap_7.2.34-74_arm64.deb
    sha:4843abc68bc7af473162a0c4ca57b2e5083ed6f8
  • alt-php72-intl_7.2.34-74_arm64.deb
    sha:44678a48c279dc502aebbfad3a9c70cb83c1e677
  • alt-php72-ldap_7.2.34-74_arm64.deb
    sha:fe2533732d5997fcb957552ac92797161df086c2
  • alt-php72-mbstring_7.2.34-74_arm64.deb
    sha:0bd8be81d37c60fab2b8c7170714476c93d81b68
  • alt-php72-mysqlnd_7.2.34-74_arm64.deb
    sha:32a7fc47e73584e50e163734c1264a52a2e3fb4a
  • alt-php72-odbc_7.2.34-74_arm64.deb
    sha:f0067615da27db5b173b368d9fbe4c97971e3d04
  • alt-php72-opcache_7.2.34-74_arm64.deb
    sha:3293d50b808176c20e675f844da85dba7c8e6af6
  • alt-php72-pdo_7.2.34-74_arm64.deb
    sha:ebf730445adc2889077313b5a9a7eae8b3fe3c0d
  • alt-php72-pgsql_7.2.34-74_arm64.deb
    sha:48a1f1db7f072845b264259aee5c37909be479f7
  • alt-php72-process_7.2.34-74_arm64.deb
    sha:6af12700bc40e303310a03948571796fa4be7ce0
  • alt-php72-pspell_7.2.34-74_arm64.deb
    sha:737254b7423489366d26ef9ad7e81e5b2d9680ce
  • alt-php72-recode_7.2.34-74_arm64.deb
    sha:c7acad8df48d6f20266252593ad95d109ac61c3a
  • alt-php72-snmp_7.2.34-74_arm64.deb
    sha:f5f267819ff80322e473fb9a9771e0382e24e5c8
  • alt-php72-soap_7.2.34-74_arm64.deb
    sha:a28d7990b391f511ec0e19af3122afdd6b280bdd
  • alt-php72-sodium_7.2.34-74_arm64.deb
    sha:26574d6ff9a9d0610e94300a5b4d9af6fa993b58
  • alt-php72-tidy_7.2.34-74_arm64.deb
    sha:bfbed0f7710896b07a00ab9c5bd0e99b892febf9
  • alt-php72-xml_7.2.34-74_arm64.deb
    sha:c3aab73ceaac1fedc9d13c39b6a48cd17ff8a02e
  • alt-php72-xmlrpc_7.2.34-74_arm64.deb
    sha:cbda5cf10268478f3cd4edb2bc250131d62f937d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.