CLSA-2026:1779468980

[CLSA-2026:1779468980] alt-php73: Fix of 5 CVEs

Type:

security

Severity:

Critical

Release date:

2026-05-22 16:56:25 UTC

Description:

- CVE-2026-6722: soap extension use-after-free via apache:Map duplicate keys
- CVE-2026-7262: soap extension NULL pointer deref via apache:Map missing value
- CVE-2026-6735: php-fpm status endpoint XSS via unescaped request_uri
- CVE-2026-7261: soap SoapServer use-after-free after header parsing failure
  when SOAP_PERSISTENCE_SESSION is set
- CVE-2026-7568: metaphone() signed integer overflow when called with >INT_MAX
  byte input on 64-bit builds

Updated packages:

alt-php73-7.3.33-57.el8.x86_64.rpm
sha:231c38fb4f068ca7c75bef4c731295fcb23c45c089e63a358c437ca80c367ac8
alt-php73-bcmath-7.3.33-57.el8.x86_64.rpm
sha:2c1ab184814498530d91ff765bf5f0b3b239512b28930b6fd1a5012b9556c24b
alt-php73-cli-7.3.33-57.el8.x86_64.rpm
sha:4c3ddee3a7e59d21772a28895a2c4c82a59336ed9f88563dcd63b8ef2fef7e7c
alt-php73-common-7.3.33-57.el8.x86_64.rpm
sha:d29204e106710275fcb0eb5e6353206596366dae3ee7d358bf3e4d571dd2d500
alt-php73-dba-7.3.33-57.el8.x86_64.rpm
sha:33e3779cbe46ad00d2bdfe27f04fcd0eeed5de8404b57ee5b678bc0a4968cdc0
alt-php73-devel-7.3.33-57.el8.x86_64.rpm
sha:689dcd4e4d1cde029056d7fab3f0e30ac4999e52e89c46876eba50dca615de8f
alt-php73-enchant-7.3.33-57.el8.x86_64.rpm
sha:0746d24acf50da60d03e34ba4d9dcfa650b09e20067444c202ebe9e60f5d4b94
alt-php73-firebird-7.3.33-57.el8.x86_64.rpm
sha:e23b4cae3a843cc4f781ee22d3ea5fb364ad21f4c85fb388d7ce76d78e2c7104
alt-php73-gd-7.3.33-57.el8.x86_64.rpm
sha:99206e2b5ccdddadc5ec05d4d743f6834c5053c6dcbea2aec49316a4e95edceb
alt-php73-imap-7.3.33-57.el8.x86_64.rpm
sha:054a4dfc039403ba5f1f041e0af3731b6caa4ca3477754df061bdb8afe5b79f3
alt-php73-intl-7.3.33-57.el8.x86_64.rpm
sha:a246dc20af03255f021d3059d8798718659481425d731aa998178b341b2e0b93
alt-php73-ldap-7.3.33-57.el8.x86_64.rpm
sha:e5f85f08f7ec5ed6509a9176ea4a0a5ef0155b4ccb5aaf72d1a97abadd20ebe5
alt-php73-mbstring-7.3.33-57.el8.x86_64.rpm
sha:2025f57a5d68573f5f2ccb78f5bae05e217835c75f2d93833f96dc2e92d4f280
alt-php73-mysqlnd-7.3.33-57.el8.x86_64.rpm
sha:ded87fd24d146088584f94d41dddad4122703a6cd5c3d7e8a287f25d66e54f38
alt-php73-odbc-7.3.33-57.el8.x86_64.rpm
sha:af3a946c53e3ca801158f982f346beac0ea668a937564aa8fd809586095ed2c7
alt-php73-opcache-7.3.33-57.el8.x86_64.rpm
sha:fbbbc75cbe1ea9a97de857ebe01e671e82c2d73f5566c7a22c4184c4209cecfe
alt-php73-pdo-7.3.33-57.el8.x86_64.rpm
sha:8886f9f326f574d6e09f5a6a57f30aa70d09f8935e05ed6c2b2238de9305e696
alt-php73-pgsql-7.3.33-57.el8.x86_64.rpm
sha:2c009fc8c66c0cb4d77a507ece5b8345411ff20a396cce03130749dc3093f5e2
alt-php73-php-fpm-7.3.33-57.el8.x86_64.rpm
sha:fb92ee2f88792ccf25e72d31b2363042385f86e4f747e1b11482184a30931bbf
alt-php73-process-7.3.33-57.el8.x86_64.rpm
sha:871f7c0312bbc0d4e5f9459dd35eb68f4712170b72fcd2834d2175ff4eeb5855
alt-php73-pspell-7.3.33-57.el8.x86_64.rpm
sha:15c39bdcff637dd3465f9f931cb5808abd2f3034e69d5e18be62d17801773a68
alt-php73-recode-7.3.33-57.el8.x86_64.rpm
sha:0431277598cad8ca543aff4827ed60bc43a5b2106e6b46318a3ad6358733e597
alt-php73-snmp-7.3.33-57.el8.x86_64.rpm
sha:6582b6ec7285f284fa66c261b0b0e82a76152c97f57e2604f98e7965e2b233bc
alt-php73-soap-7.3.33-57.el8.x86_64.rpm
sha:c25352a929b60c173dc10e8a9b9237f44f321a95631f0f2109e73a4b9034b8bd
alt-php73-sodium-7.3.33-57.el8.x86_64.rpm
sha:4dcec847b3ba2279ca8df07499bb3332178911dfa172215a050ab3050912fa62
alt-php73-tidy-7.3.33-57.el8.x86_64.rpm
sha:5ba4af343fae317acca95f0eedf41b752a7fdec542a7d4bbd7279e506275c52a
alt-php73-xml-7.3.33-57.el8.x86_64.rpm
sha:3b4ba7b7a50c6e9ea5a8ffec4e8df9842b7a15030737a7ef69e2d9565051a55c
alt-php73-xmlrpc-7.3.33-57.el8.x86_64.rpm
sha:d6a2f82c5a163d2cf836d9cb2ad154e95547218b7d744ca659444ef48e06e632

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.