[CLSA-2026:1779447431] Fix of 5 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-22 10:57:16 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys - debian/patches/php-7.3-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to ZVAL_PTR_DTOR. - CVE-2026-6722 * SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element - debian/patches/php-7.3-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue). - CVE-2026-7262 * SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri - debian/patches/php-7.3-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc.request_uri with php_escape_html_entities_ex() and fix the broken "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag constants evaluates to 0). Adapted to 7.x layout (struct access "proc.X", single encode flag, older 6-arg php_escape_html_entities_ex signature). - CVE-2026-6735 * SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set - debian/patches/php-7.3-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call sites in PHP_METHOD(SoapServer, handle) with "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)". - CVE-2026-7261 * SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input - debian/patches/php-7.3-CVE-2026-7568.patch: backport upstream commit 47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's how_far/idx from int to size_t to avoid signed overflow while walking strings larger than 2 GB on 64-bit builds. - CVE-2026-7568
Updated packages:
  • alt-php73_7.3.33-59_amd64.deb
    sha:1449f83159a3887fd47ee8a8c9c804483a22c78b
  • alt-php73-bcmath_7.3.33-59_amd64.deb
    sha:fc5a1a8507a4517f1786c55b0b230563cd7c35ce
  • alt-php73-cli_7.3.33-59_amd64.deb
    sha:9e0cebf65e5b5cf7318341ff9f00cf2de77b6424
  • alt-php73-common_7.3.33-59_amd64.deb
    sha:13a983a19c83bd848ef992b7d6077fcbc378d6af
  • alt-php73-dba_7.3.33-59_amd64.deb
    sha:af6304026f89148c90fea3ba119931929f5a0ca8
  • alt-php73-dev_7.3.33-59_amd64.deb
    sha:453b5385cde336996729e6521487e4a8529afac6
  • alt-php73-enchant_7.3.33-59_amd64.deb
    sha:e8f754a90846856e3e877a5378d5c9c6fadb427d
  • alt-php73-firebird_7.3.33-59_amd64.deb
    sha:f1ee04b7fa33105846b3ac35c60d2254ad117fd4
  • alt-php73-fpm_7.3.33-59_amd64.deb
    sha:15f788dfd7389cd80349051d71cf8f77faed5256
  • alt-php73-gd_7.3.33-59_amd64.deb
    sha:414a9774bd1f8f410bc165337ff42829e324b35b
  • alt-php73-imap_7.3.33-59_amd64.deb
    sha:f45eb66dcfb869fa1123fefd4a38828288b9f4f2
  • alt-php73-intl_7.3.33-59_amd64.deb
    sha:28034da5c4169bc9daa344f1348709b565b21b04
  • alt-php73-ldap_7.3.33-59_amd64.deb
    sha:46c85f183f1eade82840cc401d90b9d8d799fdaf
  • alt-php73-mbstring_7.3.33-59_amd64.deb
    sha:cad081c177dc8c6bbbd25906634370b8bb7d220d
  • alt-php73-mysqlnd_7.3.33-59_amd64.deb
    sha:0f5e8f8bcb5dd8416cbf61567327dcee09079632
  • alt-php73-odbc_7.3.33-59_amd64.deb
    sha:901cc744a11c9faf81e7310d8c4d9d0d9a973566
  • alt-php73-opcache_7.3.33-59_amd64.deb
    sha:0a641c5822f29c17ad7ce7046dd4e0664483a159
  • alt-php73-pdo_7.3.33-59_amd64.deb
    sha:e9ae50842185c7d21dd6adfe726fb26cff474c0b
  • alt-php73-pgsql_7.3.33-59_amd64.deb
    sha:2f756ce4af840367323fad4a9ce3cdc5e5772db2
  • alt-php73-process_7.3.33-59_amd64.deb
    sha:1d676876e367332e65d7e76c2026aa35bf534871
  • alt-php73-pspell_7.3.33-59_amd64.deb
    sha:ff706588806828ef033ea2c1d183e337afec84ff
  • alt-php73-recode_7.3.33-59_amd64.deb
    sha:f7cfe3677fd13f1e3d90720a605b948c60e1a166
  • alt-php73-snmp_7.3.33-59_amd64.deb
    sha:29ab1ab775a1d15df38ae7782166c486e1603f5e
  • alt-php73-soap_7.3.33-59_amd64.deb
    sha:532b0308e74d2ab2a10bc26fece56b4df08ccd29
  • alt-php73-sodium_7.3.33-59_amd64.deb
    sha:187fac270af1df143c0391c6d83abeda5b17e552
  • alt-php73-tidy_7.3.33-59_amd64.deb
    sha:b75c588cc2bd2ba452d0e077eeb64fd12955b29c
  • alt-php73-xml_7.3.33-59_amd64.deb
    sha:27b42ff4e1698d14a04ef856f5cb12af8a38747d
  • alt-php73-xmlrpc_7.3.33-59_amd64.deb
    sha:59dcf3bc05ef2a529d89a806dc90cfb900043dd6
  • alt-php73_7.3.33-59_arm64.deb
    sha:982784dc9b09f93d58f3e1785a7acddcd89c39c4
  • alt-php73-bcmath_7.3.33-59_arm64.deb
    sha:05450356e5ac66942b8e407c4d196a64c0b995d8
  • alt-php73-cli_7.3.33-59_arm64.deb
    sha:972e6d10518fdf273bfcfa98f945edd7efce7344
  • alt-php73-common_7.3.33-59_arm64.deb
    sha:eb7d6cc3825462e4c66e703df6536ccd2fed80a3
  • alt-php73-dba_7.3.33-59_arm64.deb
    sha:ed1a2bbc7026776cd09cf12394e3d3dbe91a407d
  • alt-php73-dev_7.3.33-59_arm64.deb
    sha:c10ba9bb1ea45ccd989ec1299e84ac2e42a67b86
  • alt-php73-enchant_7.3.33-59_arm64.deb
    sha:99107377a0bea21908c3b99494e02c91c69e5eef
  • alt-php73-firebird_7.3.33-59_arm64.deb
    sha:bcc51bcb5b47dfdd56f6ca46560281633bd8a7d0
  • alt-php73-fpm_7.3.33-59_arm64.deb
    sha:e0de75b5454eb129db041ed065085bcd0003d805
  • alt-php73-gd_7.3.33-59_arm64.deb
    sha:fadc7f3aaff5bc8b8558f5300b5956e6bcede37f
  • alt-php73-imap_7.3.33-59_arm64.deb
    sha:55010ef8b805fa0fc9eaa55a011dc516158edb6c
  • alt-php73-intl_7.3.33-59_arm64.deb
    sha:47b8989521b41aa97514f68e6a37c802ef85bad3
  • alt-php73-ldap_7.3.33-59_arm64.deb
    sha:983bf99b35e33b1c5959f6d8939149e0e1fb7057
  • alt-php73-mbstring_7.3.33-59_arm64.deb
    sha:31430efdf5901d7605ceaaa305f1d242c1081e81
  • alt-php73-mysqlnd_7.3.33-59_arm64.deb
    sha:2c7c291d51e42d679a93baded79440566c0d431e
  • alt-php73-odbc_7.3.33-59_arm64.deb
    sha:a03a9b500e4e9c041a3d8212df76dea0a15d5253
  • alt-php73-opcache_7.3.33-59_arm64.deb
    sha:c196ccc6c6161af0396e4d77e9ecd08ba962a3f2
  • alt-php73-pdo_7.3.33-59_arm64.deb
    sha:fb43a1a821d47a5a2c507c2d311ab0f3ab3a4623
  • alt-php73-pgsql_7.3.33-59_arm64.deb
    sha:de56d32bb666187f0ace963f6a28c991d961c013
  • alt-php73-process_7.3.33-59_arm64.deb
    sha:bd80e603da395d39d3c286a3fa4c90e01216047f
  • alt-php73-pspell_7.3.33-59_arm64.deb
    sha:e3b14258d392285f421a80c9f9dd73fec5ac9495
  • alt-php73-recode_7.3.33-59_arm64.deb
    sha:058d3f3bd260845c94a74c482069b6cdd115cbd9
  • alt-php73-snmp_7.3.33-59_arm64.deb
    sha:87d7463cb0cb4978509c88aacdc87f1804f20621
  • alt-php73-soap_7.3.33-59_arm64.deb
    sha:2a8da9c3d7599f5359be27062d728d508fc6d56d
  • alt-php73-sodium_7.3.33-59_arm64.deb
    sha:46c0dc647bdf58565a4aa6c2c6aa3967924f829b
  • alt-php73-tidy_7.3.33-59_arm64.deb
    sha:682b643dc844eb09c049b155b1278a36a691af87
  • alt-php73-xml_7.3.33-59_arm64.deb
    sha:7d8893f3bc1b7a72123b908c30b8c5ba047b7500
  • alt-php73-xmlrpc_7.3.33-59_arm64.deb
    sha:2688ecc086b802d766024fafd101f5c71d3be114
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.