[CLSA-2026:1779125079] php: Fix of 6 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-18 17:24:47 UTC
Description:
- CVE-2026-7258: fix out-of-bounds read in urldecode() via signed-char to ctype.h (GHSA-m8rr-4c36-8gq4) - CVE-2026-6722: fix stale SOAP_GLOBAL ref_map pointer with Apache Map (GHSA-85c2-q967-79q5) - CVE-2026-7262: fix broken Apache map value NULL check in soap encoder (GHSA-hmxp-6pc4-f3vv) - CVE-2026-7568: fix signed integer overflow of char array offset in metaphone (GHSA-96wq-48vp-hh57) - CVE-2026-7261: fix use-after-free after SOAP header parsing failure with SOAP_PERSISTENCE_SESSION (GHSA-m33r-qmcv-p97q) - CVE-2025-14179: fix SQL injection in pdo_firebird quoter via NUL bytes in quoted strings (GHSA-w476-322c-wpvm)
Updated packages:
  • php-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:cbe0c68a2ba818b2fe8eda67e4daeebd59bf067f7c67c5d4d748eaa755790d53
  • php-bcmath-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:253bd9a57f147e62cf4037552cc46e86b4f86f6ec6e58266b631941c3a928d6c
  • php-cli-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:ed4abe10b144777616026e3ec0b92d513398d1ffdb240fcdffea11cc81575651
  • php-common-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:3898ffffa1c3b93db095ffdc948dee5232011eb8b9d960f7c19f6499710c8042
  • php-dba-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:eeab44555b2187933ac7643daeebff783167533f56dde3776410c7e8efe00f0d
  • php-dbg-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:10c8508bc984e13e408a7c4f1133d1968e8cfb8627979983e4c8211b30b0ed9d
  • php-devel-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:27bee02644721e4ed693a1bfffd1efd1620b7bc8ca6552f001fb0bafbebe7e9c
  • php-embedded-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:65e4e05f9d289d98164e95c613be8b04d7b57832b817e04b2870b0b0cd604cc8
  • php-enchant-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:4054b40a441f35fb6c6d48bea1ede168df729677ff1a502b3e1e94467113c5e0
  • php-fpm-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:85b5c5e254f7250239ac606755134cf0e851146d7ab64d806e492b3af57df16e
  • php-gd-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:140ae250dd10349ce7fb9155246f8d253deddc5c5028f98e1e5472502632607b
  • php-gmp-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:bf999191072ae1e8cecdb93a9889e4ea96bd399f6648a717881baf9903034946
  • php-intl-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:14d4f6e35fdb16d706dc3243da9e05a30ead9f491fb743163fd7664a7dca46d3
  • php-json-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:75fe137f6a16c4d4b90dd0e6f88351f568cf8ab4ceb53be93de5e848df522377
  • php-ldap-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:0d84c58760e84934542787680e6badfdf8b6408ede6a56625b5ff435edd328c3
  • php-mbstring-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:586186ddc9604f33c8cdfd3b9fcbbbd0aaacc25175f19bf3701716ec70e22db0
  • php-mysqlnd-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:85128886fedd296eb4d5338999da04c8376d47808cd33f46c44e2601d4042ccd
  • php-odbc-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:80e76d311a300ec44766c3fe15a0386154d1c2bc6cab32d43f4e9842b851109d
  • php-opcache-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:bd156f9eb0753005148aa45e056fab08b01dd390efec3d985ef0c9507a761019
  • php-pdo-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:632215640884b1f1301c5c715ed5ceca068d60ad2d452d7cf54f04b94b3a54f9
  • php-pgsql-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:85e51cdd9e7a75e9549fed368a9a368bb8d5e9d9df4a9efd71a4f3c141c1d094
  • php-process-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:e314d8a0993cdc4f31605edfdbde1a7e8ad453f1b164a484941fb6cead912543
  • php-recode-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:fea477c29201cf2a424b24b6714e9895e565831b9eb794adc8f8e3116ebb6fca
  • php-snmp-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:2ac618e72287443d62d4ed7ce57d37fd0e38e31d107e13c72d66e6ba119340ff
  • php-soap-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:868362502fddba690d0b25747a1a27cbf894ee1341ef7178de2342c3910f8814
  • php-xml-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:00b11e994714893410364418063ac0803792eddb3e67cd8b7040f930a754c928
  • php-xmlrpc-7.2.24-1.module_el8+2405+28f8b298.tuxcare.els24.x86_64.rpm
    sha:3c6c2782c58ff6e037f012f744f7b56f9faa8efe5669692c2c3f966715f3dfbd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.