[CLSA-2026:1779472306] Fix of 5 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-22 17:51:53 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys - debian/patches/php-7.4-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to ZVAL_PTR_DTOR. - CVE-2026-6722 * SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element - debian/patches/php-7.4-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue). - CVE-2026-7262 * SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri - debian/patches/php-7.4-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc.request_uri with php_escape_html_entities_ex() and fix the broken "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag constants evaluates to 0). Adapted to 7.x layout (struct access "proc.X", single encode flag, older 6-arg php_escape_html_entities_ex signature). - CVE-2026-6735 * SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set - debian/patches/php-7.4-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call sites in PHP_METHOD(SoapServer, handle) with "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)". - CVE-2026-7261 * SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input - debian/patches/php-7.4-CVE-2026-7568.patch: backport upstream commit 47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's how_far/idx from int to size_t to avoid signed overflow while walking strings larger than 2 GB on 64-bit builds. - CVE-2026-7568
Updated packages:
  • alt-php74_7.4.33-55_amd64.deb
    sha:9e6d117759d99c9c11c76049e2fe0126c0ff95de
  • alt-php74-bcmath_7.4.33-55_amd64.deb
    sha:9a5912850cb63e0a10d04782044fa7206a5bf00d
  • alt-php74-cli_7.4.33-55_amd64.deb
    sha:d13cec1fd73e24832b21b5e4d5b5174752523bf8
  • alt-php74-common_7.4.33-55_amd64.deb
    sha:2920ccad4c90acc02859ea52717e0dd0fd74fc28
  • alt-php74-dba_7.4.33-55_amd64.deb
    sha:49e22f8b7fd1fc841aa5b147ad37c7149163f19c
  • alt-php74-dev_7.4.33-55_amd64.deb
    sha:d9b594d661784b97947b7b43a7457eb63b26937f
  • alt-php74-enchant_7.4.33-55_amd64.deb
    sha:aea59524923c21c46f07af433c700bf43ce1183a
  • alt-php74-firebird_7.4.33-55_amd64.deb
    sha:95e8c46b1a395547cd6453a98601d52b0f5be886
  • alt-php74-fpm_7.4.33-55_amd64.deb
    sha:18a43ad2a98f770ac289ee249219903c7ba1ae71
  • alt-php74-gd_7.4.33-55_amd64.deb
    sha:1dc256e482a3aa2baa2aa02e239f8a21add91363
  • alt-php74-imap_7.4.33-55_amd64.deb
    sha:724b7fbe25a87231ddb94bb009db58fd0c53cf23
  • alt-php74-intl_7.4.33-55_amd64.deb
    sha:74c374cdb48fd8ba3970fd5e51e54827ea0339fa
  • alt-php74-ldap_7.4.33-55_amd64.deb
    sha:f17ae88c717fd644dcec69b2dc914058cb9d446d
  • alt-php74-mbstring_7.4.33-55_amd64.deb
    sha:d28f168e42b45f3e9a2a671f4d294096aac64b4d
  • alt-php74-mysqlnd_7.4.33-55_amd64.deb
    sha:0aa891b3314a78fba9833d1d55b74ddda9d41e38
  • alt-php74-odbc_7.4.33-55_amd64.deb
    sha:f459d299b1e6a24fcb2baa1cb7a384c5ff374b6e
  • alt-php74-opcache_7.4.33-55_amd64.deb
    sha:8b5f3325d3599bcf026430d23af79eaf2b0886f2
  • alt-php74-pdo_7.4.33-55_amd64.deb
    sha:587424810802a1bfcd4243856503183ecafdb3f8
  • alt-php74-pgsql_7.4.33-55_amd64.deb
    sha:5943b942a7f576e9201838c9e52b23f9827ceda8
  • alt-php74-process_7.4.33-55_amd64.deb
    sha:0f818dc394d9794433af9590734abf590b86abc2
  • alt-php74-pspell_7.4.33-55_amd64.deb
    sha:65345950f424088f9eefdf6bd2d31a46f78fe01a
  • alt-php74-snmp_7.4.33-55_amd64.deb
    sha:edf9a3c271b404f86d4000de339017c9c5ef06fe
  • alt-php74-soap_7.4.33-55_amd64.deb
    sha:47b87790bfd64b3baa8ce780f65d77bd0b4773ee
  • alt-php74-sodium_7.4.33-55_amd64.deb
    sha:4928970234f3c6c383919e8e6ccf8d5d2a5de306
  • alt-php74-tidy_7.4.33-55_amd64.deb
    sha:f0940f7053610012bcdbd4b48a4c2473e2b6e4cd
  • alt-php74-xml_7.4.33-55_amd64.deb
    sha:cff53774bc9b3545cffea5a4df463cb68fc041a6
  • alt-php74-xmlrpc_7.4.33-55_amd64.deb
    sha:1fe6ca6d6e95917a66da900ee4cc36dc99ef4c8d
  • alt-php74_7.4.33-55_arm64.deb
    sha:6c214632f50303b89c98b4a9ab42082f89312a56
  • alt-php74-bcmath_7.4.33-55_arm64.deb
    sha:0cac771524772a2da1920215db84230359b51103
  • alt-php74-cli_7.4.33-55_arm64.deb
    sha:25ff3a3012ea11c2ded60efe2d448cd52420b22b
  • alt-php74-common_7.4.33-55_arm64.deb
    sha:d52242f55b4cbe1802332c5f643adb3c7695e4b9
  • alt-php74-dba_7.4.33-55_arm64.deb
    sha:ef6ae9d0235f0943a158e3526b7d84516e37a52b
  • alt-php74-dev_7.4.33-55_arm64.deb
    sha:8e4393445bc209fc9d6948f6b83e4dc76239449f
  • alt-php74-enchant_7.4.33-55_arm64.deb
    sha:feccd8e2ab7413fae97116c3f7fe54dde5cb6a56
  • alt-php74-firebird_7.4.33-55_arm64.deb
    sha:bb364d1ddcc457f7774b130bc168c39877d90d83
  • alt-php74-fpm_7.4.33-55_arm64.deb
    sha:751a3483cf531fc018da72f843eb356da9e03967
  • alt-php74-gd_7.4.33-55_arm64.deb
    sha:95e58550682b066fda46c98348b7c0ef014a99ea
  • alt-php74-imap_7.4.33-55_arm64.deb
    sha:f0100725435d80024c3e78ed964c93ba43762759
  • alt-php74-intl_7.4.33-55_arm64.deb
    sha:cd7475ae0ac85b5bb1e1c6ae71502e79a34873c3
  • alt-php74-ldap_7.4.33-55_arm64.deb
    sha:e75305c6862595021c6648b8cf6bfe655ecf69fa
  • alt-php74-mbstring_7.4.33-55_arm64.deb
    sha:c1ecff58da787e4ea27fbd30c3f405f12579f3eb
  • alt-php74-mysqlnd_7.4.33-55_arm64.deb
    sha:80f70839c2cf13dfe562e30eab2b27c90799dc5d
  • alt-php74-odbc_7.4.33-55_arm64.deb
    sha:56303c8778d5f4531908636e77a4acd9d60d6561
  • alt-php74-opcache_7.4.33-55_arm64.deb
    sha:82ba5d189fa4eccdf471ac88254fa7f8fffffc8b
  • alt-php74-pdo_7.4.33-55_arm64.deb
    sha:43f55036f15554377e6fddbe5b191f7ee74e7115
  • alt-php74-pgsql_7.4.33-55_arm64.deb
    sha:e9c143607713d2e6a3b490aa2ea9b19a902c9d8c
  • alt-php74-process_7.4.33-55_arm64.deb
    sha:c9d742294b95d952301ed02e5dbd4891981d4028
  • alt-php74-pspell_7.4.33-55_arm64.deb
    sha:b807799cdb290488641af8617e6c53e86f13f016
  • alt-php74-snmp_7.4.33-55_arm64.deb
    sha:22de6a903125c7faa52fb5d51ba3ffdbbc193615
  • alt-php74-soap_7.4.33-55_arm64.deb
    sha:bc3236f580a02cd5577e7ce2bd965b0ea090d79b
  • alt-php74-sodium_7.4.33-55_arm64.deb
    sha:df8b584047de562fbc9248114cad0ddd99937bb9
  • alt-php74-tidy_7.4.33-55_arm64.deb
    sha:b9e1a02edb0a68262055a3b94c05bd4ac4203ea8
  • alt-php74-xml_7.4.33-55_arm64.deb
    sha:79e35295855d954dafc3937e66fd9f3b5b487ff2
  • alt-php74-xmlrpc_7.4.33-55_arm64.deb
    sha:a9633135e53b935f7e1da57472644769a5347e73
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.