CLSA-2026:1779211729

[CLSA-2026:1779211729] alt-php81: Fix of 7 CVEs

Type:

security

Severity:

Critical

Release date:

2026-05-19 17:28:55 UTC

Description:

- CVE-2026-6722: soap extension use-after-free via apache:Map duplicate keys
- CVE-2025-14179: pdo_firebird SQL injection via NUL bytes in quoted strings
- CVE-2026-7262: soap extension NULL pointer deref via apache:Map missing value
- CVE-2026-6735: php-fpm status endpoint XSS via unescaped request_uri
- CVE-2026-7259: mbstring NULL pointer dereference in php_mb_check_encoding()
  via mb_ereg_search_init() with Oniguruma-only encodings (iso-8859-11, UJIS,
  KOI8-R, ...)
- CVE-2026-7261: soap SoapServer use-after-free after header parsing failure
  when SOAP_PERSISTENCE_SESSION is set
- CVE-2026-7568: metaphone() signed integer overflow when called with >INT_MAX
  byte input on 64-bit builds

Updated packages:

alt-php81-8.1.34-11.el8.x86_64.rpm
sha:c680ebd5a99ea3f97f0cc9f3a877e427673448557ec1add249a89f14736dea41
alt-php81-bcmath-8.1.34-11.el8.x86_64.rpm
sha:179e052a3952e4ebe5e17858fdf99be73c70c842219a60b2515f49ff804d9c27
alt-php81-cli-8.1.34-11.el8.x86_64.rpm
sha:ba709a6c30e4ff7a66f1518f7369c9607adad1eb66dad26ad6e1c90d66ba0dfc
alt-php81-common-8.1.34-11.el8.x86_64.rpm
sha:e7447ffbd891cfb4aff6da76d94adeab08e3ecb276f102e2df0ee7c2f6707f78
alt-php81-dba-8.1.34-11.el8.x86_64.rpm
sha:2b000db50a46bfaf78154a3307502391095a5b10b0df338c9d90907ad4f419c7
alt-php81-devel-8.1.34-11.el8.x86_64.rpm
sha:cea10940bcb651346d82cda77a5ee3d698c393f1f71c1ddf60374efa032139bf
alt-php81-enchant-8.1.34-11.el8.x86_64.rpm
sha:595e748fbc3bc820a0acc2d0c204106f417b9ca8cc9f5f8debe613a62cd19694
alt-php81-firebird-8.1.34-11.el8.x86_64.rpm
sha:84884006a61b2d6982a16e533b17731a3f3649620377f37520b88d39badd0e16
alt-php81-gd-8.1.34-11.el8.x86_64.rpm
sha:8e530369a247e94287b85ed058f36fcac0097c218d10587d7b4ac002e0e40307
alt-php81-gmp-8.1.34-11.el8.x86_64.rpm
sha:bf96484e0cefc7ee7279039fd283e943c816da7428e57f7d22ac7a9f6be2d6e6
alt-php81-imap-8.1.34-11.el8.x86_64.rpm
sha:281cad55317424e513c524104f75beeb2061521766d7d5e8cde235c2ac4b159e
alt-php81-intl-8.1.34-11.el8.x86_64.rpm
sha:c53ed904929ced1ddb506276c906824c3904268967522514836b53e0505cc269
alt-php81-ldap-8.1.34-11.el8.x86_64.rpm
sha:090edbd6692c83082d3a4e4616413914addc74c6a33b7134459147761f006ce7
alt-php81-mbstring-8.1.34-11.el8.x86_64.rpm
sha:21dd41a768fdfd6b6e42499d6fb496fd2f4c489c7977f6acdc680087c05f69dc
alt-php81-mysqlnd-8.1.34-11.el8.x86_64.rpm
sha:e0ad2e7adb6b28a3022c9fdb6892af854bbb9ed2e65c54729d9a8b85c2ddff11
alt-php81-odbc-8.1.34-11.el8.x86_64.rpm
sha:18400e81bdf42dc4945843ff17378361afe9787558c8d381bcb21e4183ba86e8
alt-php81-opcache-8.1.34-11.el8.x86_64.rpm
sha:470c3f938394a70dee2b503d41022662c16a2496e6f7f1b9f6ee55c9ac1b71fd
alt-php81-pdo-8.1.34-11.el8.x86_64.rpm
sha:3f9ce822fd36297e196baca15bd68a12b59a34900cda9b606bb61472d8fde89b
alt-php81-pgsql-8.1.34-11.el8.x86_64.rpm
sha:5d1a905a43dfe6852785fe10e8cc578fe9e6a1ed2a0222010d4e43928b739332
alt-php81-php-fpm-8.1.34-11.el8.x86_64.rpm
sha:cd06754decb054f744c2514de61581d93e0b0fb3235bd3d3770691abb704f73c
alt-php81-process-8.1.34-11.el8.x86_64.rpm
sha:1678d7e18ad385b8815f0639b216c6f77d174462118a4c07d84ca62a25e2b88c
alt-php81-pspell-8.1.34-11.el8.x86_64.rpm
sha:f6dc12c787a397f93e45c628dc320890023174a9a08bbebe8a6bab4b38ef9314
alt-php81-snmp-8.1.34-11.el8.x86_64.rpm
sha:32a075acd1c733ad72a84af181ede4f1373e60c4506e281062962e4843f6a266
alt-php81-soap-8.1.34-11.el8.x86_64.rpm
sha:48ddf158bff2a69adfb53027558b2946d0d7c6b7a8e19ccbdaf57399ccbe51c0
alt-php81-sodium-8.1.34-11.el8.x86_64.rpm
sha:1a03afb24c08b5687d9ea4b0f225c91c13a60cc23288b078c9aa01e8b744140c
alt-php81-tidy-8.1.34-11.el8.x86_64.rpm
sha:d73922c31fa75f2128ee44f31dcf8a9b087c223b853735dca5b54f64c4f35147
alt-php81-xml-8.1.34-11.el8.x86_64.rpm
sha:86d67591df36a7b65fa6c103b51765b4b0a194aa9aa388d76036e5e6884f06ed

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.