[CLSA-2026:1779282984] alt-php80: Fix of 7 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-20 15:44:25 UTC
Description:
- CVE-2026-6722: soap extension use-after-free via apache:Map duplicate keys - CVE-2025-14179: pdo_firebird SQL injection via NUL bytes in quoted strings - CVE-2026-7262: soap extension NULL pointer deref via apache:Map missing value - CVE-2026-6735: php-fpm status endpoint XSS via unescaped request_uri - CVE-2026-7259: mbstring NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() with Oniguruma-only encodings (iso-8859-11, UJIS, KOI8-R, ...) - CVE-2026-7261: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set - CVE-2026-7568: metaphone() signed integer overflow when called with >INT_MAX byte input on 64-bit builds
Updated packages:
  • alt-php80-8.0.30-42.el7.x86_64.rpm
    sha:4ac50c2a8107f4ad3cde457d4ff89c592991392460ee978359f87335d20c93dd
  • alt-php80-bcmath-8.0.30-42.el7.x86_64.rpm
    sha:98b73b17bb52b5354ef567bb42f5a8818b2423e8d7099762d7dd925543e4bcb5
  • alt-php80-cli-8.0.30-42.el7.x86_64.rpm
    sha:b4a31b7737749692d6a19f0a675ec497f9706e4cf366e312aaadc6ec1060a6a8
  • alt-php80-common-8.0.30-42.el7.x86_64.rpm
    sha:da0c049f23b5599c32dc8980fa65d5ecd5dfd1a1145e52a7c5dd35bc2b00660d
  • alt-php80-dba-8.0.30-42.el7.x86_64.rpm
    sha:e632706ef7be1b0bce7bebb9b6682477dc83064a5eb0494e09f298378ea3eaa7
  • alt-php80-devel-8.0.30-42.el7.x86_64.rpm
    sha:dc64e493f685a721c6a869870ba732af8586c03b1a48c2c4e5176bc1c8448e0e
  • alt-php80-enchant-8.0.30-42.el7.x86_64.rpm
    sha:9575669bb92f7c2624920e9299c9f5da610d475eb1d10e10b63b0fb505fcd133
  • alt-php80-firebird-8.0.30-42.el7.x86_64.rpm
    sha:90575ba9901f7f4c540c68dde1afffd27e91d0f2655538cd77165bfaf240fe65
  • alt-php80-gd-8.0.30-42.el7.x86_64.rpm
    sha:4397671f635fc5411f3b6caa50babc2c703554db6942da328a708e415f5b9710
  • alt-php80-imap-8.0.30-42.el7.x86_64.rpm
    sha:e1cb6018a87592c56e5179e3c6ce044b31c41bf0899d1821bbfeb0aeec178db1
  • alt-php80-intl-8.0.30-42.el7.x86_64.rpm
    sha:3ca2cfb6d09c8736e3bcc05411bea61b0cee96e9a555da701b159dd18e22fa6d
  • alt-php80-ldap-8.0.30-42.el7.x86_64.rpm
    sha:3ef0d33adf8dd6b1d178dd110d7deb38c3b5b950fc9b2b6596346f06a869d9fd
  • alt-php80-mbstring-8.0.30-42.el7.x86_64.rpm
    sha:4d544ca7c054b4bccacc9b32020ac83ff7c71bb1b62fb1f4f3459824c1aff0df
  • alt-php80-mysqlnd-8.0.30-42.el7.x86_64.rpm
    sha:ae8321cd1cdd41640050b03725dbfd70dcf04d3c88fb4c94fd3e215ff14bd6b5
  • alt-php80-odbc-8.0.30-42.el7.x86_64.rpm
    sha:6bf6277dfa6be9fb33712f6c32057e4f1aa91c4ba907ac1faac919ec1929065d
  • alt-php80-opcache-8.0.30-42.el7.x86_64.rpm
    sha:6872a1539f69428ca86473e016167e71aa2a0df6fb6e0b983e77548877300a14
  • alt-php80-pdo-8.0.30-42.el7.x86_64.rpm
    sha:b11aec38f77724b5af2ec5dabb78e852f70df9c5c3c46f3cebb45a34e3ecbf26
  • alt-php80-pgsql-8.0.30-42.el7.x86_64.rpm
    sha:8722c1d33034dd62470d7ff14435871531fd74a31f7db0b7669dfe2351b5f2f7
  • alt-php80-php-fpm-8.0.30-42.el7.x86_64.rpm
    sha:97b86959131d59d169643fa28eb3b57625581548d580a256d4b4857cc171d345
  • alt-php80-process-8.0.30-42.el7.x86_64.rpm
    sha:6ec86a36a8462c035ec072f0de0f752f8c7df54bc5b229fcb72313b492b4e332
  • alt-php80-pspell-8.0.30-42.el7.x86_64.rpm
    sha:46ee021a2327f60fc2283e317786e3df9c4add3680b4971ec90fab09e2e641a6
  • alt-php80-snmp-8.0.30-42.el7.x86_64.rpm
    sha:dd6e0463d66adb870e04c7f08391adc47701e8dcd221bd9fa228fca8be8eed62
  • alt-php80-soap-8.0.30-42.el7.x86_64.rpm
    sha:904e44265b11f2750166f673c1cadba37177300793562bddf834be5b190a0876
  • alt-php80-sodium-8.0.30-42.el7.x86_64.rpm
    sha:f84830907bc9b1f6c1936b7bbd4f98a92767d84c32c45fa7fa5aadd2726a5788
  • alt-php80-tidy-8.0.30-42.el7.x86_64.rpm
    sha:c2ff90ffa9acddc098c9b174943dc1e365d5f4c647b6f3f8eab131c75f0bd105
  • alt-php80-xml-8.0.30-42.el7.x86_64.rpm
    sha:a861097cd9f65e3bfe888f319048c011019357cc865f1d848de9244ba4f1dd37
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.