[CLSA-2026:1779295868] alt-php54: Fix of 4 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-20 16:51:15 UTC
Description:
- CVE-2026-6722: soap extension use-after-free via apache:Map duplicate keys (5.4 backport applies addref half only; ref_map ZVAL_PTR_DTOR is intentionally omitted because ref_map is heterogeneous in 5.x and the dtor would corrupt the xmlNodePtr entries — see patch header) - CVE-2026-7262: soap extension NULL pointer deref via apache:Map missing value - CVE-2026-7261: soap extension use-after-free with SOAP_PERSISTENCE_SESSION header parsing failure - CVE-2026-6735: php-fpm status endpoint XSS via unescaped request_uri and query_string (5.4 backport applies HTML entity escape to both HTML and JSON /status endpoints since php_json_encode_string() isn't exported on 5.x — JSON consumers will see HTML entities in request_uri/query_string fields)
Updated packages:
  • alt-php54-5.4.45-178.el7.x86_64.rpm
    sha:233c855d47ad620146ed663500bb1dc89f3ba170b028e7dd5da8a2881d40de9f
  • alt-php54-bcmath-5.4.45-178.el7.x86_64.rpm
    sha:b31064e8db548bc3f11903e38b1be9cdd319ed9410191b82c779c36d36ddd0c0
  • alt-php54-cli-5.4.45-178.el7.x86_64.rpm
    sha:ab260dd98e8ba9cd71a5489e28f9a7152e2f5e7d972b59214be6841c7172262e
  • alt-php54-common-5.4.45-178.el7.x86_64.rpm
    sha:1815af7f13315284bf546f0a66eb3df986d67a7f2d1bccf55ac7a258379272a3
  • alt-php54-dba-5.4.45-178.el7.x86_64.rpm
    sha:ec2bf35f01e4c2bb97bba8986e20e9a64e61987d4d36ebe8d365d109cd1ba012
  • alt-php54-dbx-5.4.45-178.el7.x86_64.rpm
    sha:d33463b2360e4cf60d0f7501e407b2d702756e2b84b15d2835c8d21188e520d7
  • alt-php54-devel-5.4.45-178.el7.x86_64.rpm
    sha:08b075fcbd5279a0ef0d5fde7d656d15faa13496e536a6a5419af72558df8e9a
  • alt-php54-enchant-5.4.45-178.el7.x86_64.rpm
    sha:57dc9ced69201ff876ba2e743c3841fdf7c6fc117f475789adbff4ec81a97b3e
  • alt-php54-firebird-5.4.45-178.el7.x86_64.rpm
    sha:cfb7ffe6d5ac1b22aed0375a1310e5afbc643a23e0d041bf3a87d6a2b1149917
  • alt-php54-gd-5.4.45-178.el7.x86_64.rpm
    sha:7624536702fd2942a2e283fb7f2808a0d481a3fbfe8996d8d1dadee85cccde2d
  • alt-php54-imap-5.4.45-178.el7.x86_64.rpm
    sha:667a4bb41e86d5bcc9d2fdbc04e716f71d37d58074b99ff36f7a65bb143dd134
  • alt-php54-intl-5.4.45-178.el7.x86_64.rpm
    sha:9bdc891c6517bce859f63057d9508812521dc0a0d1b1a90e26349b62363a7600
  • alt-php54-ldap-5.4.45-178.el7.x86_64.rpm
    sha:be8b09c4fd418eff29de8351df64c3ab255e16e93787e810bf2fed040f7b1daa
  • alt-php54-mbstring-5.4.45-178.el7.x86_64.rpm
    sha:009e3f1cd5f5599c14075782ec03aa07e0cddee10c9d039c3b775477b59d319b
  • alt-php54-mcrypt-5.4.45-178.el7.x86_64.rpm
    sha:186e586af924f297c698efba5d008e6f1c7b8043ac48d197bbd0e5ec4da8df86
  • alt-php54-mssql-5.4.45-178.el7.x86_64.rpm
    sha:af09f96901d62cfaa12a8a773660c72ae605938e6590a7cc2e3116a923c5c661
  • alt-php54-mysqlnd-5.4.45-178.el7.x86_64.rpm
    sha:7d63a514b0601feb616558af530711ae3ee027505670a2c021d92f079dd2d7fb
  • alt-php54-odbc-5.4.45-178.el7.x86_64.rpm
    sha:6dbd1090e2960b708470c77a4e02912a45190018c456030642eb8f4006a9289b
  • alt-php54-pdo-5.4.45-178.el7.x86_64.rpm
    sha:d298f5eb57b71289c368bd4562c5b0cb8935463d76f29fe06b6190618af02941
  • alt-php54-pgsql-5.4.45-178.el7.x86_64.rpm
    sha:046bafc64e0fa4c20cf4c91bf2aefd2efff52d40d21a287cd0766bc09cf7dfa5
  • alt-php54-php-fpm-5.4.45-178.el7.x86_64.rpm
    sha:3f10c700618ab46eb43c78c9029eec8e9ac79fdd268edc932073f62778826d2b
  • alt-php54-process-5.4.45-178.el7.x86_64.rpm
    sha:b9ce426b4df375eb17cab2323ae223f5efcce9db922f5e4252e533834dcab3ea
  • alt-php54-pspell-5.4.45-178.el7.x86_64.rpm
    sha:7a51ced1e9303c5ee3416799c1832e0ce5d749d471427b72fdb3fbc16ffffec5
  • alt-php54-recode-5.4.45-178.el7.x86_64.rpm
    sha:c8ceca655c51a2657e026b279851d8d28d39f421a0cfa548e3a4135a1653713e
  • alt-php54-snmp-5.4.45-178.el7.x86_64.rpm
    sha:a65b2303aaa2771cdff3d11d78b69755073a5735d418844025bb169d4ac6e478
  • alt-php54-soap-5.4.45-178.el7.x86_64.rpm
    sha:56bddfd3cd1b2d39550295933f3c85f84134e6337dd97d71518b044ffc770a0b
  • alt-php54-sybase-5.4.45-178.el7.x86_64.rpm
    sha:f056d1c6926f7cadcdd79b5b89993f7ac2d5343f4847a404fe8eac07933e9187
  • alt-php54-tidy-5.4.45-178.el7.x86_64.rpm
    sha:0fa2fab5a3779b3e81e5079f08017dfeaf6b9e6c4e00581c21c440aa58d58019
  • alt-php54-xml-5.4.45-178.el7.x86_64.rpm
    sha:ab6e4bfb4426e27fffd2393a331d05aab5488928df38e308e18a019218d7a430
  • alt-php54-xmlrpc-5.4.45-178.el7.x86_64.rpm
    sha:5421c0899927f0403b72bcf44d48de82227786fc2988b2b9121323f31f78d449
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.