CLSA-2026:1779369881

[CLSA-2026:1779369881] alt-php56: Fix of 4 CVEs

Type:

security

Severity:

Critical

Release date:

2026-05-21 14:28:24 UTC

Description:

- CVE-2026-6722: soap extension use-after-free via apache:Map duplicate keys
  (5.6 backport applies addref half only; ref_map ZVAL_PTR_DTOR is
  intentionally omitted because ref_map is heterogeneous in 5.x and the
  dtor would corrupt the xmlNodePtr entries — see patch header)
- CVE-2026-7262: soap extension NULL pointer deref via apache:Map missing value
- CVE-2026-7261: soap extension use-after-free with SOAP_PERSISTENCE_SESSION header parsing failure
- CVE-2026-6735: php-fpm status endpoint XSS via unescaped request_uri and query_string
  (5.6 backport applies HTML entity escape to both HTML and JSON /status
  endpoints since php_json_encode_string() isn't exported on 5.x — JSON
  consumers will see HTML entities in request_uri/query_string fields)

Updated packages:

alt-php56-5.6.40-122.el7.x86_64.rpm
sha:3d2a166f4884fe7511a7101c49571e4b0aa8fac6824556ea387a2f753ded09d1
alt-php56-bcmath-5.6.40-122.el7.x86_64.rpm
sha:474b15622416d7352a2795244510da51f46f78996a1ce4c6ef0d5e55fae92d89
alt-php56-cli-5.6.40-122.el7.x86_64.rpm
sha:e1b6d6153e5077015a70bed60c03f74c088c230f1e9814ca70138a2a9980cff1
alt-php56-common-5.6.40-122.el7.x86_64.rpm
sha:427a25a2cc3e407c5eb2d0bd5c34549b38fe19c10f8c20321eddfeadd29f13d7
alt-php56-dba-5.6.40-122.el7.x86_64.rpm
sha:17097754b63a83e36241b6a1a7be810818a2fb1526a0edfa06c52a46fe185f05
alt-php56-dbx-5.6.40-122.el7.x86_64.rpm
sha:ae1f89fe56a1a2f556382c8a1b7c19517c7e2c7b6101b33a21cd8755f9466159
alt-php56-devel-5.6.40-122.el7.x86_64.rpm
sha:be6ff3e9b4be661f11ca9d4f1ca7262d27205d5025b5e1799274e30efc5ad054
alt-php56-enchant-5.6.40-122.el7.x86_64.rpm
sha:40f804c5ed4a89c1d158838064187e9df5ee735dac2f66afeaa984154a7a2e1f
alt-php56-firebird-5.6.40-122.el7.x86_64.rpm
sha:4629687be54f8b235f1845908ac95edb2bc457a88c68efc5a94dcbe8eed1c510
alt-php56-gd-5.6.40-122.el7.x86_64.rpm
sha:749456aaf08ed5fc3d4ab545533db5cc302426b5645866c4878966d49a042163
alt-php56-imap-5.6.40-122.el7.x86_64.rpm
sha:c980bd533ca82919959d4ce5146f1b5673baf3b37cc99ff5ecbf220c3d6f1f5e
alt-php56-intl-5.6.40-122.el7.x86_64.rpm
sha:a8e9763188c560bc29c201df700cd62b950d0e3a7044d37ed734c228345a6bdf
alt-php56-ldap-5.6.40-122.el7.x86_64.rpm
sha:3636d18abe09d561e744f0dfb51797d4b5758991b2046b6909d228837d148470
alt-php56-mbstring-5.6.40-122.el7.x86_64.rpm
sha:073ccf9ba0cec1a11f657eed8f664a2ddd7e0647ebf4e918a13dd8e78bb28e8b
alt-php56-mcrypt-5.6.40-122.el7.x86_64.rpm
sha:38d7b5ab09971946712754a8e2ba32517a3cf7be940f87ccd9c0201186734be2
alt-php56-mssql-5.6.40-122.el7.x86_64.rpm
sha:bb26f0a68388fd1f9917ce9c83008dbb304c78d3f96591b19eaa002d6440e1cd
alt-php56-mysqlnd-5.6.40-122.el7.x86_64.rpm
sha:5900811fd607924e2d7619a439841e69a05f944f56140759774a9725ee6385a4
alt-php56-odbc-5.6.40-122.el7.x86_64.rpm
sha:4d2f133ee9d3fba5768f84c24d78b3f39064758bfc535c0cbeec46861ae626a3
alt-php56-opcache-5.6.40-122.el7.x86_64.rpm
sha:5dd5a47599fa42760bcb479caf71e6d6fd7f8598699bf863f86abcedea4eeb6a
alt-php56-pdo-5.6.40-122.el7.x86_64.rpm
sha:fd878634d2c2bde433cfea54fa833d50974a801afd9b4d3c37e2d3fcf39a22b8
alt-php56-pgsql-5.6.40-122.el7.x86_64.rpm
sha:acde1c4e02e7b796d2222a256548bfcb6cd6ee9660c414a3e0d6aca1e41ba900
alt-php56-php-fpm-5.6.40-122.el7.x86_64.rpm
sha:ef4ba5583d0dbf8122dc59903fe6b6482068af4be1331506304d4e277a690e56
alt-php56-process-5.6.40-122.el7.x86_64.rpm
sha:30da6a12f33100676075ffc26a1a95f695aca81d22e609e49b52d62c2dc6ec3c
alt-php56-pspell-5.6.40-122.el7.x86_64.rpm
sha:43708237f2ac078131d7508c2f52886983af9a6504fea9c60c2c4e36c7b638ff
alt-php56-recode-5.6.40-122.el7.x86_64.rpm
sha:09ba0441015e756782b148f75bf2af8f8280ad444b558fea5ecb3e29a022dcaf
alt-php56-snmp-5.6.40-122.el7.x86_64.rpm
sha:3522f957fd0974437895f257805cc0e7decb64d72efdb08d5ac4c69b0364acc0
alt-php56-soap-5.6.40-122.el7.x86_64.rpm
sha:cbf94f2994f9cdd82a21f91637cba9efa41a2b5a1aeca03486970228de064d69
alt-php56-sybase-5.6.40-122.el7.x86_64.rpm
sha:f244110381e2ab8d7af4c30703267a8c8568169a51c4174411d10c677c213189
alt-php56-tidy-5.6.40-122.el7.x86_64.rpm
sha:e9ac7a1e7415066a9ce213916c7e8c6c101bd2bd408d95d6f5fa725f1f98a2d8
alt-php56-xml-5.6.40-122.el7.x86_64.rpm
sha:a3209e381576b9878499b252237a68fad12694af47a6137ed764f9eaf8cd2f06
alt-php56-xmlrpc-5.6.40-122.el7.x86_64.rpm
sha:4eda7691024c373e842d723b4ee0a354ca18f63bdd84ef91a3b8ffc6400496f6

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.