[CLSA-2026:1779347281] alt-php53: Fix of 4 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-21 07:08:07 UTC
Description:
- CVE-2026-6722: soap extension use-after-free via apache:Map duplicate keys (5.3 backport applies addref half only; ref_map ZVAL_PTR_DTOR is intentionally omitted because ref_map is heterogeneous in 5.x and the dtor would corrupt the xmlNodePtr entries — see patch header) - CVE-2026-7262: soap extension NULL pointer deref via apache:Map missing value - CVE-2026-7261: soap extension use-after-free with SOAP_PERSISTENCE_SESSION header parsing failure - CVE-2026-6735: php-fpm status endpoint XSS via unescaped request_uri and query_string (5.3 backport applies HTML entity escape to both HTML and JSON /status endpoints since php_json_encode_string() isn't exported on 5.x — JSON consumers will see HTML entities in request_uri/query_string fields)
Updated packages:
  • alt-php53-5.3.29-193.el7.x86_64.rpm
    sha:3e7accb0dab68f3e88a08b4a9f3c2d4f946c5aa806a16aa76be1389aea0fdac7
  • alt-php53-bcmath-5.3.29-193.el7.x86_64.rpm
    sha:09ac86d217d1c5b2ad7d7b61c5a48edc24397ec3b229bee898f917cd53c300ca
  • alt-php53-cli-5.3.29-193.el7.x86_64.rpm
    sha:56faa72a72e47f5a7861621e48f59f0410dc70ff3ffd204c217dad083667868a
  • alt-php53-common-5.3.29-193.el7.x86_64.rpm
    sha:ce81f28b1ba2e1c3a80bb30bbb4d0ae4cd67fccecee8db69c4c455f40f1a899b
  • alt-php53-dba-5.3.29-193.el7.x86_64.rpm
    sha:fe3b9d669ae93ef72db38e014de55b1c49a8e83906f9d2314223b8e741255908
  • alt-php53-dbx-5.3.29-193.el7.x86_64.rpm
    sha:2a9da8b12bfe793927767365d3902d613d4b89a770b0f9752bffce75ebec4e90
  • alt-php53-devel-5.3.29-193.el7.x86_64.rpm
    sha:e6c8b82383ca42aa9ebc5528699af52946959011d68201b367332ff2a0bd3529
  • alt-php53-enchant-5.3.29-193.el7.x86_64.rpm
    sha:6fbaaa4a6bd5f65fbe3c94802d99301b81c7da7ed1f573a84652f3fe3c951326
  • alt-php53-firebird-5.3.29-193.el7.x86_64.rpm
    sha:3c53ff705ff66fd0a1fbe5f16d6eacef6aa2e8ba27137967e60a3fca990605a8
  • alt-php53-gd-5.3.29-193.el7.x86_64.rpm
    sha:232352740f128d6951862b70a4c7406a1365b11f5cab8fdc55c49d0d7cfe23cf
  • alt-php53-imap-5.3.29-193.el7.x86_64.rpm
    sha:2aa7c6e8def0ce6b6fb0f00c15d81e2d1874563d3cdf023fa26e0f084710c581
  • alt-php53-intl-5.3.29-193.el7.x86_64.rpm
    sha:83768262e1900cf9b7ef6870e457d43aa86f93ec3528cabb70285b696d1bf3f0
  • alt-php53-ldap-5.3.29-193.el7.x86_64.rpm
    sha:c82fd5b7747a2892c9a2dce476efe0468de566f77e4557616a9c8de0fa28fb26
  • alt-php53-mbstring-5.3.29-193.el7.x86_64.rpm
    sha:39ee4b1cc719349778882e0673b1a0044bd1e5e70d0c13bb416c2fcc9bbba9f0
  • alt-php53-mcrypt-5.3.29-193.el7.x86_64.rpm
    sha:d162daafc3b387c9d427e774426c5d6647ffaed6e728afac302006d00caff723
  • alt-php53-mssql-5.3.29-193.el7.x86_64.rpm
    sha:fa01c965138f9b2b0094eda65eaa4808435940e18f7f6e7e61e6f277351ccf8d
  • alt-php53-mysqlnd-5.3.29-193.el7.x86_64.rpm
    sha:fa3b0ea77881c22146d34f1eb852f00a4b7cf18b273d0cad8efe9a8f7d25f0c1
  • alt-php53-odbc-5.3.29-193.el7.x86_64.rpm
    sha:6f5db524e82e9de1cd48547db22303a1554bb07c8f0453fae88c69dec9958487
  • alt-php53-pdo-5.3.29-193.el7.x86_64.rpm
    sha:e4a480b4faf73d5965cb4c994efaa55da51b9c71e59609c4a6fafed131bfa5e7
  • alt-php53-pgsql-5.3.29-193.el7.x86_64.rpm
    sha:c3654bdd6ff805c6b980ccae3b7b716ab345b75793f3667f3093d7e6349f5ed2
  • alt-php53-php-fpm-5.3.29-193.el7.x86_64.rpm
    sha:b9791bb1a55109c782df9125db2b4a5e5af2e940f0811e26e6e5cea5960bc06a
  • alt-php53-process-5.3.29-193.el7.x86_64.rpm
    sha:a7b6ce4e519cf4fe225cd36da08e7e2cbbb97ded3a1168060447a88e245c117d
  • alt-php53-pspell-5.3.29-193.el7.x86_64.rpm
    sha:ef5a7cd3c1111bde136442051ff0990c447256151640d28144bf84f488da254c
  • alt-php53-recode-5.3.29-193.el7.x86_64.rpm
    sha:aa31f663a2a72eb9d3b80bfb542cb18dc6ed7b02eaf58f5c41b6b5fd3de01a94
  • alt-php53-snmp-5.3.29-193.el7.x86_64.rpm
    sha:454b4503bd11dd3f7986b10e627cbdba8af7b13b5b4657a2c957d13dcc6766b4
  • alt-php53-soap-5.3.29-193.el7.x86_64.rpm
    sha:c3c947d888e240e501d85b6171ec35e63b36b95bb802252e85fbadbcd6fa1b88
  • alt-php53-sqlite-5.3.29-193.el7.x86_64.rpm
    sha:7c94eb56249c429af926815cb2cd03b0d328745eb2252ed56c967cf3bb595901
  • alt-php53-sybase-5.3.29-193.el7.x86_64.rpm
    sha:3857ad9e95436cda5ca7553329eb0133d83e069e04952d8c856707403b8936ea
  • alt-php53-tidy-5.3.29-193.el7.x86_64.rpm
    sha:a973497919cec1d1e006a30365575e8fb3062d332b1cbfd6ae2ce66e95722407
  • alt-php53-xml-5.3.29-193.el7.x86_64.rpm
    sha:b0918c808dc3511d71305e7f68f8eb126bb60545926ad93611e8311a7a38ea5c
  • alt-php53-xmlrpc-5.3.29-193.el7.x86_64.rpm
    sha:64301ce35a5851cf013cdc88e81eedd318f47e55022721bc0435517f2f68d554
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.