[CLSA-2026:1779445430] Fix of 5 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-22 10:23:56 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys - debian/patches/php-7.1-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to ZVAL_PTR_DTOR. - CVE-2026-6722 * SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element - debian/patches/php-7.1-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue). - CVE-2026-7262 * SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri - debian/patches/php-7.1-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc.request_uri with php_escape_html_entities_ex() and fix the broken "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag constants evaluates to 0). Adapted to 7.x layout (struct access "proc.X", single encode flag, older 6-arg php_escape_html_entities_ex signature). - CVE-2026-6735 * SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set - debian/patches/php-7.1-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call sites in PHP_METHOD(SoapServer, handle) with "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)". - CVE-2026-7261 * SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input - debian/patches/php-7.1-CVE-2026-7568.patch: backport upstream commit 47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's how_far/idx from int to size_t to avoid signed overflow while walking strings larger than 2 GB on 64-bit builds. - CVE-2026-7568
Updated packages:
  • alt-php71_7.1.33-90_amd64.deb
    sha:31dc893f2196fa5a58c69aaafc3ebe324342c301
  • alt-php71-bcmath_7.1.33-90_amd64.deb
    sha:6f7b755065a395834495004fca59e8dddd5107c3
  • alt-php71-cli_7.1.33-90_amd64.deb
    sha:02fa9b58506a1002eaa34808b77a32fd51f68e85
  • alt-php71-common_7.1.33-90_amd64.deb
    sha:f6822fcd795656fa2f1bf033ddce161bebd6458b
  • alt-php71-dba_7.1.33-90_amd64.deb
    sha:7a627745d62f2997016faabc88f1d007bb9ba77c
  • alt-php71-dev_7.1.33-90_amd64.deb
    sha:54de6372282cbf06f7d364bb55de50f46989c23f
  • alt-php71-enchant_7.1.33-90_amd64.deb
    sha:49e064e7103c9b944478681f73639dfafb50451f
  • alt-php71-firebird_7.1.33-90_amd64.deb
    sha:1e76c09c28f7b8ffa116a691798664c904b73998
  • alt-php71-fpm_7.1.33-90_amd64.deb
    sha:95d94c1da038e7184d722f3f59d39949ba74278b
  • alt-php71-gd_7.1.33-90_amd64.deb
    sha:6eeec32e97da85f4da07ba2090deda7ad9905f7e
  • alt-php71-imap_7.1.33-90_amd64.deb
    sha:9365884d9d6bd17a89236d5f35cd2226256b55dc
  • alt-php71-intl_7.1.33-90_amd64.deb
    sha:297a8d2aa75f1046d9169fff20e0bbd0a49a3e58
  • alt-php71-ldap_7.1.33-90_amd64.deb
    sha:3459fe313a49fcc306e6b7893b33d67f2ef6a92a
  • alt-php71-mbstring_7.1.33-90_amd64.deb
    sha:a617002c3f36f18865170b718c5a8ad878523a2a
  • alt-php71-mcrypt_7.1.33-90_amd64.deb
    sha:23727c5650450b7bfa76e87256fec42f1cf12476
  • alt-php71-mysqlnd_7.1.33-90_amd64.deb
    sha:315adcc92ff5d59f935dac19b627827e0511aa9b
  • alt-php71-odbc_7.1.33-90_amd64.deb
    sha:cf624b872b28b31346d3acf4c3fc555176cd66e4
  • alt-php71-opcache_7.1.33-90_amd64.deb
    sha:448c061ce13ccbbb45c2040f2f6a287c0aa2c73b
  • alt-php71-pdo_7.1.33-90_amd64.deb
    sha:2bcd5ee2c0dda775f1197e2d55606ac38563ce87
  • alt-php71-pgsql_7.1.33-90_amd64.deb
    sha:97dc6fda93a0d1a09aeb0a3253372099f7f05df2
  • alt-php71-process_7.1.33-90_amd64.deb
    sha:1ebc966a04654720df5b7d7c16bbd93102ab5645
  • alt-php71-pspell_7.1.33-90_amd64.deb
    sha:6c516a4576e6b2153c7aa659b262299c42e2cdca
  • alt-php71-recode_7.1.33-90_amd64.deb
    sha:85a40fa67103fb108c3779d8a5a94a92f6a0da6e
  • alt-php71-snmp_7.1.33-90_amd64.deb
    sha:e904302dd0152fca81e1e6e08a8310b191cf2d84
  • alt-php71-soap_7.1.33-90_amd64.deb
    sha:48722f27cd47095e8a26d6bded4de01722c1fd75
  • alt-php71-tidy_7.1.33-90_amd64.deb
    sha:55728b32bae9a6671f8b94e54b5b55c22cec63b3
  • alt-php71-xml_7.1.33-90_amd64.deb
    sha:7d15b53f63fbbb306cff0974c776151b220d8aa2
  • alt-php71-xmlrpc_7.1.33-90_amd64.deb
    sha:9f39644652a70eb8028dbcf83534d485e3a6628a
  • alt-php71_7.1.33-90_arm64.deb
    sha:3bfb088b834494256e1810d97b21519b035ac9bb
  • alt-php71-bcmath_7.1.33-90_arm64.deb
    sha:a3781b0a524da2fc0d5c79a5e9d6710d133e1ae3
  • alt-php71-cli_7.1.33-90_arm64.deb
    sha:6d5cee23a63d5f2702f839bd38d02e5e0c0dddba
  • alt-php71-common_7.1.33-90_arm64.deb
    sha:737943b5a461d0f25c09e1e068041d7436f4f89e
  • alt-php71-dba_7.1.33-90_arm64.deb
    sha:4a9a3a9f0052ec086b553253f4a041b196d3188a
  • alt-php71-dev_7.1.33-90_arm64.deb
    sha:70ba4f8ede51c5f86effb2187614ac12e3ef0393
  • alt-php71-enchant_7.1.33-90_arm64.deb
    sha:208ab7d722d23fc9477d961de2d79c87ea893519
  • alt-php71-firebird_7.1.33-90_arm64.deb
    sha:ed782f28d0dc87c3b7f5a7e1df4cd4675fd28ee1
  • alt-php71-fpm_7.1.33-90_arm64.deb
    sha:5f4b6910c7f0363b5b76b56a4333f36adce36946
  • alt-php71-gd_7.1.33-90_arm64.deb
    sha:33e146367db3b14544cacc9ce7de2636e704d3e3
  • alt-php71-imap_7.1.33-90_arm64.deb
    sha:65dac0ea21991ae7baea174878e3df626121b0fa
  • alt-php71-intl_7.1.33-90_arm64.deb
    sha:08df18a5bc5002889efa975d647b42c93e161fd8
  • alt-php71-ldap_7.1.33-90_arm64.deb
    sha:7075eafbebcbd9ef2dc34d692cb20e1d97b56bcc
  • alt-php71-mbstring_7.1.33-90_arm64.deb
    sha:91ab72561acb716e0a15e7a7e4d70e35adabd9d9
  • alt-php71-mcrypt_7.1.33-90_arm64.deb
    sha:1e78e68a0804f6b60c39907b847b45b65d663dfc
  • alt-php71-mysqlnd_7.1.33-90_arm64.deb
    sha:c85722b310a27b798609e2b078df3c3c75582ebc
  • alt-php71-odbc_7.1.33-90_arm64.deb
    sha:408275e5c34798f2e59574656e97e5bfccb9ef3d
  • alt-php71-opcache_7.1.33-90_arm64.deb
    sha:0a41d55a9441d7eb8f5155f92f24ae797da864ed
  • alt-php71-pdo_7.1.33-90_arm64.deb
    sha:41659de3529491a436245c35be10cb5587cf7686
  • alt-php71-pgsql_7.1.33-90_arm64.deb
    sha:1b41c8e146f71ccd56131ec975a6ac9dcc418d43
  • alt-php71-process_7.1.33-90_arm64.deb
    sha:3a13b9d57d82b7c061d4b185256ac8215a9104e5
  • alt-php71-pspell_7.1.33-90_arm64.deb
    sha:3b89a92bafca8aedc07847ab5be366fb151babaa
  • alt-php71-recode_7.1.33-90_arm64.deb
    sha:eec2eaa2f56d8b7566c0c5ac306cbe8113b3dc69
  • alt-php71-snmp_7.1.33-90_arm64.deb
    sha:5210aacec8dcf43eec1e5472c0a570e06e377545
  • alt-php71-soap_7.1.33-90_arm64.deb
    sha:c26b1cc1fe53303b957221869ff1a593d88b5796
  • alt-php71-tidy_7.1.33-90_arm64.deb
    sha:19daf73069adfa615479ec6f46fc5cd7068282c8
  • alt-php71-xml_7.1.33-90_arm64.deb
    sha:4bb097717e238d24131b309623088a0192b45e0d
  • alt-php71-xmlrpc_7.1.33-90_arm64.deb
    sha:ec2360c4a90d756d68ad231ea4daeb21cd9653f0
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.