[CLSA-2026:1779442974] Fix of 5 CVEs
Type: security
Severity: Critical
Release date: 2026-05-22 09:43:00 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys
  - debian/patches/php-7.0-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to ZVAL_PTR_DTOR.
  - CVE-2026-6722
* SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element
  - debian/patches/php-7.0-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue).
  - CVE-2026-7262
* SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri
  - debian/patches/php-7.0-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc.request_uri with php_escape_html_entities_ex() and fix the broken "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag constants evaluates to 0). Adapted to 7.x layout (struct access "proc.X", single encode flag, older 6-arg php_escape_html_entities_ex signature).
  - CVE-2026-6735
* SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set
  - debian/patches/php-7.0-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call sites in PHP_METHOD(SoapServer, handle) with "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)".
  - CVE-2026-7261
* SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input
  - debian/patches/php-7.0-CVE-2026-7568.patch: backport upstream commit 47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's how_far/idx from int to size_t to avoid signed overflow while walking strings larger than 2 GB on 64-bit builds.
  - CVE-2026-7568
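
Added example, not part of the advisory or of the PHP patch: why the "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" expression named in the CVE-2026-6735 entry evaluates to 0, and what an empty flag mask does to quote escaping. The flag values are those of PHP's ext/standard/html.h; escape_html() is a hypothetical simplified escaper, the request URI is a constructed sample, and the OR form is shown only for comparison (the 7.x backport uses a single encode flag, per the entry above).

```c
#include <stdio.h>
#include <string.h>

/* Flag values as defined in PHP's ext/standard/html.h. */
#define ENT_HTML_QUOTE_DOUBLE  2
#define ENT_HTML_IGNORE_ERRORS 4
#define ENT_COMPAT             ENT_HTML_QUOTE_DOUBLE

int and_flags(void) { return ENT_HTML_IGNORE_ERRORS & ENT_COMPAT; } /* no shared bits */
int or_flags(void)  { return ENT_HTML_IGNORE_ERRORS | ENT_COMPAT; } /* both bits set */

/* Hypothetical simplified escaper (NOT php_escape_html_entities_ex):
 * always encodes & < >, encodes '"' only if ENT_HTML_QUOTE_DOUBLE is set.
 * Returns the escaped length, or -1 if dst is too small. */
int escape_html(const char *src, int flags, char *dst, size_t cap)
{
    size_t used = 0;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;
        switch (*src) {
        case '&': rep = "&amp;"; break;
        case '<': rep = "&lt;";  break;
        case '>': rep = "&gt;";  break;
        case '"': if (flags & ENT_HTML_QUOTE_DOUBLE) rep = "&quot;"; break;
        }
        size_t n = strlen(rep);
        if (used + n + 1 > cap) return -1;   /* keep room for the NUL */
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return (int)used;
}

/* 1 if the escaped form of `in` still contains `needle`, 0 if not, -1 on error. */
int output_contains(const char *in, int flags, const char *needle)
{
    char buf[256];
    if (escape_html(in, flags, buf, sizeof buf) < 0) return -1;
    return strstr(buf, needle) != NULL;
}

int main(void)
{
    const char *uri = "/status?x=\"><b>";   /* constructed sample request_uri */
    printf("AND flags=%d, raw quote survives: %d\n", and_flags(), output_contains(uri, and_flags(), "\""));
    printf("OR  flags=%d, raw quote survives: %d\n", or_flags(), output_contains(uri, or_flags(), "\""));
    return 0;
}
```
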
Updated packages:
  • alt-php70_7.0.33-124_amd64.deb
    sha:b259234f2dc4286282e8757f0c6d39c40d5397ed
  • alt-php70-bcmath_7.0.33-124_amd64.deb
    sha:2f67746728f9f85b20b508dbea0d6f206999d65e
  • alt-php70-cli_7.0.33-124_amd64.deb
    sha:b5bb94ced0698ebd9f9861e52c62a0c7c1bd8fbc
  • alt-php70-common_7.0.33-124_amd64.deb
    sha:60159c2f05e1c5bddd05e4e62236576eb230b446
  • alt-php70-dba_7.0.33-124_amd64.deb
    sha:17761017eecdbd5068906aa220df720e07545e09
  • alt-php70-dev_7.0.33-124_amd64.deb
    sha:52ff172ee4a44dd8ab5d313f13ac4e8afde43b39
  • alt-php70-enchant_7.0.33-124_amd64.deb
    sha:5e7b3b58a54fa9d0c7c306fcd4907872dd66523e
  • alt-php70-firebird_7.0.33-124_amd64.deb
    sha:8e0c4eca80fe6bfb343c613188eb68d7bafb6224
  • alt-php70-fpm_7.0.33-124_amd64.deb
    sha:0ebe8a2ae38d52a3eccd862f6e71025bf3870b98
  • alt-php70-gd_7.0.33-124_amd64.deb
    sha:824620dc4374d4bf7532fbcc43b08a1e5ddad76d
  • alt-php70-imap_7.0.33-124_amd64.deb
    sha:3f53ef2b670fcda0602d7cc0aee145d07ae1e2a1
  • alt-php70-intl_7.0.33-124_amd64.deb
    sha:856e4b4d57ec30fe8457dd5d7f68c8fcb59d82eb
  • alt-php70-ldap_7.0.33-124_amd64.deb
    sha:5dc41edb2c7b922e122e03a2f38f8d70f1aa5c82
  • alt-php70-mbstring_7.0.33-124_amd64.deb
    sha:92e65594bce31888be2ccf38416195a00d57f653
  • alt-php70-mcrypt_7.0.33-124_amd64.deb
    sha:e731ae95f202a3e911a451518fdc3b48f7bb3f7f
  • alt-php70-mysqlnd_7.0.33-124_amd64.deb
    sha:9f48fefbbbb1be71855eec406d7d250d07349c9a
  • alt-php70-odbc_7.0.33-124_amd64.deb
    sha:01d44f9ca94e1b0930b8f9e91392da3d2e4e49d6
  • alt-php70-opcache_7.0.33-124_amd64.deb
    sha:598ae595c8750fff6a275e5ccfe2d2758eae7271
  • alt-php70-pdo_7.0.33-124_amd64.deb
    sha:30a16d11a505f5c552ff7b8f8591f4949abea369
  • alt-php70-pgsql_7.0.33-124_amd64.deb
    sha:d749d24b8081ce71271022fbae56e01ad03a9dcd
  • alt-php70-process_7.0.33-124_amd64.deb
    sha:7ae609608af6207bc76e6a9cf4243b88cb9fb159
  • alt-php70-pspell_7.0.33-124_amd64.deb
    sha:fef978e308c878a2920d2d030e47331358a03466
  • alt-php70-recode_7.0.33-124_amd64.deb
    sha:e7630797b313273c45dd8e40360bc0d07fa72ccc
  • alt-php70-snmp_7.0.33-124_amd64.deb
    sha:9fab0502821a06275e836806a3a3222cab08c754
  • alt-php70-soap_7.0.33-124_amd64.deb
    sha:4f686a80784f4644db805e5c2a0b09929005cad9
  • alt-php70-tidy_7.0.33-124_amd64.deb
    sha:c916fb5d970d5f8a5b37e94c8db334536c19d376
  • alt-php70-xml_7.0.33-124_amd64.deb
    sha:98ddf8e1ffabf5460584c4a27315a5d310f68e2b
  • alt-php70-xmlrpc_7.0.33-124_amd64.deb
    sha:47afe34aa7a263f26616bbbeb1f484c25fcd9cff
  • alt-php70_7.0.33-124_arm64.deb
    sha:5ecf608b60658478c255fdcb7b101e4d18a2a680
  • alt-php70-bcmath_7.0.33-124_arm64.deb
    sha:6e7a270145d69ff9865457d00038dc94d6296ebc
  • alt-php70-cli_7.0.33-124_arm64.deb
    sha:a595effdfef33eebef00c01c9bfc8a875c6ac229
  • alt-php70-common_7.0.33-124_arm64.deb
    sha:d5967fabe1251e1df2c03d82d7e5574c5a3c6bc8
  • alt-php70-dba_7.0.33-124_arm64.deb
    sha:d7461c1e5c42bb5ec968e8709dd579f8d2892b4f
  • alt-php70-dev_7.0.33-124_arm64.deb
    sha:c02d507a9eeaf2e3c04838872457b416766523a2
  • alt-php70-enchant_7.0.33-124_arm64.deb
    sha:a85c001ecb70771954c55692d327cd43df72faee
  • alt-php70-firebird_7.0.33-124_arm64.deb
    sha:7945b99fadeffaadcfef4d3e0eb429f62dcc789c
  • alt-php70-fpm_7.0.33-124_arm64.deb
    sha:bde69acda2b8d2902502b079112ed937f940430b
  • alt-php70-gd_7.0.33-124_arm64.deb
    sha:06a029d12e9f0f23f40e584b566733405668a86f
  • alt-php70-imap_7.0.33-124_arm64.deb
    sha:6f20f146fc05f176890d3382b5a78a537f6e4ede
  • alt-php70-intl_7.0.33-124_arm64.deb
    sha:c7600d356e52d9f5ecc93f64633176c92a39aecf
  • alt-php70-ldap_7.0.33-124_arm64.deb
    sha:1afda29eb87270145e3d4b1307942d2a3e211b6d
  • alt-php70-mbstring_7.0.33-124_arm64.deb
    sha:af0f9b26317d7be29fff3215b241ef682be3ab8e
  • alt-php70-mcrypt_7.0.33-124_arm64.deb
    sha:000869c5c9ed6bc802b5ed546acda9a546ff2760
  • alt-php70-mysqlnd_7.0.33-124_arm64.deb
    sha:f2bb31c5ad49e2394bb3d75e2f129168769a19b0
  • alt-php70-odbc_7.0.33-124_arm64.deb
    sha:5ea633d461c1e6d693b9fd3469063af05c730063
  • alt-php70-opcache_7.0.33-124_arm64.deb
    sha:0eae9fcb40907a8a087f42b38daa50b16252823e
  • alt-php70-pdo_7.0.33-124_arm64.deb
    sha:aee9ffc6daca619a452c5ccc54dee226cd216b83
  • alt-php70-pgsql_7.0.33-124_arm64.deb
    sha:31c174a9d4479f6a2b9d12fbc6f1bee78349ce2f
  • alt-php70-process_7.0.33-124_arm64.deb
    sha:3bc11e71ca7c1c9f315c953150eb90cbc67fee70
  • alt-php70-pspell_7.0.33-124_arm64.deb
    sha:37affc900a2b126128ef07bb33806ec61b153bef
  • alt-php70-recode_7.0.33-124_arm64.deb
    sha:ff5192ac51e61fea79549d37a052b46c9ffb4850
  • alt-php70-snmp_7.0.33-124_arm64.deb
    sha:81da2c2d7501330631f505cdf3aaf9b565cea62d
  • alt-php70-soap_7.0.33-124_arm64.deb
    sha:6bac0bd8d6d65056c47e2d886926f7f3bf11e06a
  • alt-php70-tidy_7.0.33-124_arm64.deb
    sha:790a334e376945c1c5da800af029c14af3e11932
  • alt-php70-xml_7.0.33-124_arm64.deb
    sha:54bf6b28a5be53a514d822a7e739998b71caae44
  • alt-php70-xmlrpc_7.0.33-124_arm64.deb
    sha:f54317befda37f1a79a91412cd00711fba00531f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.