[CLSA-2026:1779282034] alt-php80: Fix of 7 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-20 13:00:41 UTC
Description:
- CVE-2026-6722: soap extension use-after-free via apache:Map duplicate keys - CVE-2025-14179: pdo_firebird SQL injection via NUL bytes in quoted strings - CVE-2026-7262: soap extension NULL pointer deref via apache:Map missing value - CVE-2026-6735: php-fpm status endpoint XSS via unescaped request_uri - CVE-2026-7259: mbstring NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() with Oniguruma-only encodings (iso-8859-11, UJIS, KOI8-R, ...) - CVE-2026-7261: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set - CVE-2026-7568: metaphone() signed integer overflow when called with >INT_MAX byte input on 64-bit builds
Updated packages:
  • alt-php80-8.0.30-42.el9.x86_64.rpm
    sha:db47dd103491d2ad3b1549aa6ea3e2e31dfc76b225894cdacb8c0238ca8f76a8
  • alt-php80-bcmath-8.0.30-42.el9.x86_64.rpm
    sha:a2a592fb1ae4730a9ab83ac3ebbab1ad85fca61a881c3cb1b49a26e2948ed1b0
  • alt-php80-cli-8.0.30-42.el9.x86_64.rpm
    sha:02ed7384460e996577896b0478341fd14206ae1931e4a00d349cbf7e7e337c3b
  • alt-php80-common-8.0.30-42.el9.x86_64.rpm
    sha:9a177eb56f6806d6f17daf2808fab25f304b9ad0702a88e4ac8b841ca15bd434
  • alt-php80-dba-8.0.30-42.el9.x86_64.rpm
    sha:e6a0cb86c97b55af68616a47641048e272a83dd8c4d6a754c0625d2113f874e6
  • alt-php80-devel-8.0.30-42.el9.x86_64.rpm
    sha:be05403c33d7a234d3902d1aaddc53109552dd579b979735d4365508089342b7
  • alt-php80-enchant-8.0.30-42.el9.x86_64.rpm
    sha:90ace7a7788c2100cabb79835cd0e58c3ed527d7b814a9bd7e7fe2432e543f4c
  • alt-php80-firebird-8.0.30-42.el9.x86_64.rpm
    sha:d5775c6b28085619e141ff4e90775e4f4a583e84da4309b98408a466b0d3a9cd
  • alt-php80-gd-8.0.30-42.el9.x86_64.rpm
    sha:6d09f2d7d9c99641c7bd746aa50c91d1b850169ca056a2385b7830c5bfef1e74
  • alt-php80-imap-8.0.30-42.el9.x86_64.rpm
    sha:6158b0e044013bfb0824106ee98c62ca323889b8051e33a68004ed0e7e46a0f9
  • alt-php80-intl-8.0.30-42.el9.x86_64.rpm
    sha:1581a9a79b6160f19a245c664b92560939c8a58a22c702d6093c3b4545210f58
  • alt-php80-ldap-8.0.30-42.el9.x86_64.rpm
    sha:84394f28ff02fc4bcd6d8007aaa9a7e6c1904f0aff834e218247bc27fc94d6c2
  • alt-php80-mbstring-8.0.30-42.el9.x86_64.rpm
    sha:07c50b8ce3ab3334e7dccd405b164acbc76f15de172f1ffa49824dd4f5bd29ea
  • alt-php80-mysqlnd-8.0.30-42.el9.x86_64.rpm
    sha:f8515a862f309f3084269120ad9c7f01e659a42c358b09df587d634d11a72bf1
  • alt-php80-odbc-8.0.30-42.el9.x86_64.rpm
    sha:aff036899f29cd7eef3244efc6e4aa441fd9ddb39c7de4f59d675c0cb473740d
  • alt-php80-opcache-8.0.30-42.el9.x86_64.rpm
    sha:5e7188251c8e35065f0949cb1a6b60ce216fe6cbcb77833aa58b02ac0149e7a5
  • alt-php80-pdo-8.0.30-42.el9.x86_64.rpm
    sha:268738941276e8c018b5a9cf53ce6fc380c78737450c0d08a78937916d1b1f64
  • alt-php80-pgsql-8.0.30-42.el9.x86_64.rpm
    sha:2fa10697fac5acd1aff242aba72b1c2ee4069ed9df8c9c3d54f4b52563ac1b94
  • alt-php80-php-fpm-8.0.30-42.el9.x86_64.rpm
    sha:4fab32f09c98de9c1207f9095ce0c0d7e981f5fcc7a926785b9da0b10a23cbf3
  • alt-php80-process-8.0.30-42.el9.x86_64.rpm
    sha:920decebbc75d4a02a0caa95e84abcf1606bb13087da6726b3dde0e22733ac89
  • alt-php80-pspell-8.0.30-42.el9.x86_64.rpm
    sha:3d75f6f303877b4e44efe87659dd6a17cbe616e76750abcc773f1fb05d04afda
  • alt-php80-snmp-8.0.30-42.el9.x86_64.rpm
    sha:52c8360efb55f3257d227d4bea40bfab5a9d95d5e076dd62f03c164c5df6a359
  • alt-php80-soap-8.0.30-42.el9.x86_64.rpm
    sha:4923df1cd3087573ec74f31c59a4f4c212eee7ed599db00e56405b42c2b2fa6b
  • alt-php80-sodium-8.0.30-42.el9.x86_64.rpm
    sha:b05e9aad24c047ac58631f23540edc117bcbe04e9994f2580c37db3d57d3b07c
  • alt-php80-tidy-8.0.30-42.el9.x86_64.rpm
    sha:6c68fa7f73030cc81529727bbaad9e575d9b3cc8f36839f6041f3eed45c39118
  • alt-php80-xml-8.0.30-42.el9.x86_64.rpm
    sha:a1c5eeac50f1f96d70a4e102dda954e9567018615b5ec27542781179d12e4c1b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.