[CLSA-2026:1779294114] Fix CVE(s): CVE-2026-6722, CVE-2026-6735, CVE-2026-7261, CVE-2026-7262
Type:
security
Severity:
Critical
Release date:
2026-05-20 16:22:00 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys
  - debian/patches/php-5.3-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — adapt addref/dtor changes to pre-PHP7 zval** SOAP API.
  - Note: the 5.3 backport applies the addref half of the upstream fix only; the matching ref_map destructor change (NULL -> ZVAL_PTR_DTOR) is intentionally omitted because in 5.x ref_map is heterogeneous (stores both xmlNodePtr and zval* entries through the same API) and a ZVAL_PTR_DTOR would corrupt the xmlNodePtr entries. The addref alone closes the UAF; cost is one bounded zval leak per request, released with the emalloc pool at RSHUTDOWN.
  - CVE-2026-6722
* SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element
  - debian/patches/php-5.3-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue).
  - CVE-2026-7262
* SECURITY UPDATE: soap extension use-after-free after header parsing failure with SOAP_PERSISTENCE_SESSION
  - debian/patches/php-5.3-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — wrap both zval_ptr_dtor(&soap_obj) sites in the header-handler failure paths with a persistance!=SOAP_PERSISTENCE_SESSION guard.
  - CVE-2026-7261
* SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri and query_string
  - debian/patches/php-5.3-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — fix bogus `ENT_HTML_IGNORE_ERRORS & ENT_COMPAT` (= 0) flag and add a parallel escape block for request_uri.
  - Note: upstream (PHP 8.x) routes JSON status output through php_json_encode_string(), which is not exported on 5.x. The 5.3 backport therefore applies the same HTML entity escape to both the HTML and JSON paths via the shared request_uri / query_string buffers. Consumers of `/status?json` will now see HTML-entity-encoded bytes in those fields (e.g. `&amp;` instead of `&`); entities decode back to the original byte but JSON consumers must be prepared to handle them.
  - CVE-2026-6735
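For consumers of `/status?json`, an added example (not CloudLinux or PHP project code) of decoding the entity-escaped field exactly once and re-escaping it before display. It assumes the full status layout with a `processes` array whose `request uri` value carries both the URI and the query string; the sample JSON is constructed.

```python
import html
import json

# Assumption: in the full status output, request_uri and query_string are
# emitted together in the per-process "request uri" value. Only this field is
# decoded; every other field is left exactly as the server sent it.
ESCAPED_FIELDS = ("request uri",)

# Constructed sample of a post-update /status?json&full response.
SAMPLE = '''{"pool": "www", "processes": [
  {"pid": 101, "state": "Running",
   "request uri": "/search.php?q=a&amp;b=&lt;x&gt;"},
  {"pid": 102, "state": "Idle",
   "request uri": "/p.php?s=&amp;amp;"}
]}'''


def decode_status(raw):
    """Parse the status JSON and undo the HTML-entity escaping once.

    html.unescape() makes a single pass, so a request that literally
    contained "&amp;" (sent as "&amp;amp;") comes back as "&amp;" and is
    not decoded a second time into "&".
    """
    status = json.loads(raw)
    for proc in status.get("processes", []):
        for field in ESCAPED_FIELDS:
            value = proc.get(field)
            if isinstance(value, str):
                proc[field] = html.unescape(value)
    return status


def render_cell(value):
    """Escape a decoded value again before placing it in an HTML dashboard.

    The decoded string is the client's original request bytes, so it must
    be treated as untrusted wherever it is displayed.
    """
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for proc in decode_status(SAMPLE)["processes"]:
        print(proc["pid"], proc["request uri"], "->",
              render_cell(proc["request uri"]))
```

Store and compare the decoded form, and escape again only at the point of rendering, so values are neither double-encoded in storage nor emitted raw into a page.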
Updated packages:
  • alt-php53_5.3.29-195_amd64.deb
    sha:47352e09207eeb2671affba0dab1f0e954fd694d
  • alt-php53-bcmath_5.3.29-195_amd64.deb
    sha:e70de21006baae7273e511043d8e27a9e08dfc42
  • alt-php53-cli_5.3.29-195_amd64.deb
    sha:2615f6694a28e1c7bda7134b8e8ad49fe13a9cee
  • alt-php53-common_5.3.29-195_amd64.deb
    sha:32b27a737302b7be431446daecbe4c4d1baa407f
  • alt-php53-dba_5.3.29-195_amd64.deb
    sha:39135a68eb86cba6fc54d7893a08a2d279b33a48
  • alt-php53-dbx_5.3.29-195_amd64.deb
    sha:4aac101034aba2f0dcfd495c4b9463da2e9f766f
  • alt-php53-dev_5.3.29-195_amd64.deb
    sha:eb1b2a8c6f96f2b4371a9a3dafed3e81f01c3739
  • alt-php53-enchant_5.3.29-195_amd64.deb
    sha:c831dea62f1e7e83e8bb842256ac466fd838b667
  • alt-php53-firebird_5.3.29-195_amd64.deb
    sha:e680b5e48f4161a993bd2bb971209ea288b8cd31
  • alt-php53-fpm_5.3.29-195_amd64.deb
    sha:18588fa27378fa01cb4ebc5125dda97610a8ddba
  • alt-php53-gd_5.3.29-195_amd64.deb
    sha:5c335ff25336c2510eda133a7a9b8218164a8ba4
  • alt-php53-imap_5.3.29-195_amd64.deb
    sha:f140a2d414f39547ee0c56c1a883740acb904c69
  • alt-php53-intl_5.3.29-195_amd64.deb
    sha:e38f818b9782397a6bcda3bfb4496f6942a1f241
  • alt-php53-ldap_5.3.29-195_amd64.deb
    sha:f4a9f7b0d2051e6c496616ea2af54ecc8d93abe5
  • alt-php53-mbstring_5.3.29-195_amd64.deb
    sha:11da2c299d5e4e48db86928b29a930230efbcac2
  • alt-php53-mcrypt_5.3.29-195_amd64.deb
    sha:e684d20d589b140fb27ca159ee432b60f4ead0b2
  • alt-php53-mssql_5.3.29-195_amd64.deb
    sha:cd0e61b27d3cdffa86e77cffdadcc6cc067e7bf8
  • alt-php53-mysqlnd_5.3.29-195_amd64.deb
    sha:88ecb49cd907d112f6a8752e6ba464145bc2baa5
  • alt-php53-odbc_5.3.29-195_amd64.deb
    sha:1782208c80c455edc3dcf5f1d75523e292976c12
  • alt-php53-pdo_5.3.29-195_amd64.deb
    sha:e29d666cadcb8aced8bdcbec213589ecd1d1d71d
  • alt-php53-pgsql_5.3.29-195_amd64.deb
    sha:872f4d88414ce86d2030af9db4ed5fe5d107e5b8
  • alt-php53-process_5.3.29-195_amd64.deb
    sha:82841081d082b9a0f20c5bd5c7a07eaf54b8d823
  • alt-php53-pspell_5.3.29-195_amd64.deb
    sha:04c5afd476d753af40056591390e486d339646a9
  • alt-php53-recode_5.3.29-195_amd64.deb
    sha:8278f04d9e99367a3a80f19377ea8c45b3ea152a
  • alt-php53-snmp_5.3.29-195_amd64.deb
    sha:3b91860897bca45f1a584036da3fb29caa44ebfe
  • alt-php53-soap_5.3.29-195_amd64.deb
    sha:f4acd941e532c6e4cdd5f882157798d386088fd5
  • alt-php53-sybase_5.3.29-195_amd64.deb
    sha:5e9ff708edfcb3e189ea8f20bbc38f879d96ef6c
  • alt-php53-tidy_5.3.29-195_amd64.deb
    sha:9fc2163b5c0c7bf3b4ba187ab18331fe6aa1b74c
  • alt-php53-xml_5.3.29-195_amd64.deb
    sha:83fea1240b1fd4239ee6328ec31189a912dd1185
  • alt-php53-xmlrpc_5.3.29-195_amd64.deb
    sha:25e0796d5a7b30d2ea3b68aaec9c5822d9a05113
  • alt-php53_5.3.29-195_arm64.deb
    sha:c9b62846daad9f31cfec7a2b356a9ab75a719eee
  • alt-php53-bcmath_5.3.29-195_arm64.deb
    sha:6ebca2fac426a54d6c60b1278dadbdfe1397fc11
  • alt-php53-cli_5.3.29-195_arm64.deb
    sha:29a6e2dca618d6464ae45d6b9d66ffbe672f1dc2
  • alt-php53-common_5.3.29-195_arm64.deb
    sha:1cea5a034f1b24e1ad9f7eb859566d87dd3ff1e5
  • alt-php53-dba_5.3.29-195_arm64.deb
    sha:cefc47fa4d1940553295378ae3ca4a2dfa1bfa03
  • alt-php53-dbx_5.3.29-195_arm64.deb
    sha:6e07864cf3f1c56edcf6e93152bfe6d601a2d6aa
  • alt-php53-dev_5.3.29-195_arm64.deb
    sha:5afa6e8c72854dea6851236290d7224297cdde8a
  • alt-php53-enchant_5.3.29-195_arm64.deb
    sha:fe538d75ebd0756ccb09e94c79eba4485efd1a99
  • alt-php53-firebird_5.3.29-195_arm64.deb
    sha:c485e052c504962882c1dff7d8cc1ffeff465422
  • alt-php53-fpm_5.3.29-195_arm64.deb
    sha:cfb4be1bb34a96b90f354a1ba800a9cee972da70
  • alt-php53-gd_5.3.29-195_arm64.deb
    sha:f358aa6ed69969a8cf1e89d04de5f77a10046260
  • alt-php53-imap_5.3.29-195_arm64.deb
    sha:32cf963ae522d92d3a52b4f57d36d344377a061e
  • alt-php53-intl_5.3.29-195_arm64.deb
    sha:98c94f85431f9da63bfe36ccaa093ca2c75aeacf
  • alt-php53-ldap_5.3.29-195_arm64.deb
    sha:1be96176284cac03783f10d1de0a6b85c5915cdc
  • alt-php53-mbstring_5.3.29-195_arm64.deb
    sha:5a881948e19c0ef1d83e4f9b2c211f0af4d78f92
  • alt-php53-mcrypt_5.3.29-195_arm64.deb
    sha:dfbf224d486cd51d62cb0d439bb1a330d63830c0
  • alt-php53-mssql_5.3.29-195_arm64.deb
    sha:c403caf5b14743d666a5b846c5431768aece30a6
  • alt-php53-mysqlnd_5.3.29-195_arm64.deb
    sha:25837077ca2b28937de24fd1076d28ea4309e4a6
  • alt-php53-odbc_5.3.29-195_arm64.deb
    sha:9495dcef5f716ae6f84313146fde52a5b9182350
  • alt-php53-pdo_5.3.29-195_arm64.deb
    sha:a3b6afd4d6969e3d2ffde39ee03c6902c15557a3
  • alt-php53-pgsql_5.3.29-195_arm64.deb
    sha:11af991e427097ea4c72377e0e00dc6abd1e5bd0
  • alt-php53-process_5.3.29-195_arm64.deb
    sha:a7752c6a07d4acdcee85d35847a4c98903bd9e7d
  • alt-php53-pspell_5.3.29-195_arm64.deb
    sha:90de95c87a673e745156e1d0c74160aa17937b4f
  • alt-php53-recode_5.3.29-195_arm64.deb
    sha:c3293260e61e0b040c6e91b6a4cbf747159e484e
  • alt-php53-snmp_5.3.29-195_arm64.deb
    sha:5a8124d3f7c30832aa423bbe29ffeaed45f81cce
  • alt-php53-soap_5.3.29-195_arm64.deb
    sha:262a3960a78767cfa1361d7490b8e6da7528bebe
  • alt-php53-sybase_5.3.29-195_arm64.deb
    sha:d138d5f97917bea998c747344e68b6ee5b28e9e2
  • alt-php53-tidy_5.3.29-195_arm64.deb
    sha:23684fce73e9479701523ead2a064df636aad6de
  • alt-php53-xml_5.3.29-195_arm64.deb
    sha:8cfa6e3fe3f28cf2fe9f87b69982577b229a3f14
  • alt-php53-xmlrpc_5.3.29-195_arm64.deb
    sha:a4609db98f474098698367a769903a8da4adb93e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.