[CLSA-2026:1779457474] Fix of 5 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-22 13:44:39 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys - debian/patches/php-7.1-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to ZVAL_PTR_DTOR. - CVE-2026-6722 * SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element - debian/patches/php-7.1-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue). - CVE-2026-7262 * SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri - debian/patches/php-7.1-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc.request_uri with php_escape_html_entities_ex() and fix the broken "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag constants evaluates to 0). Adapted to 7.x layout (struct access "proc.X", single encode flag, older 6-arg php_escape_html_entities_ex signature). - CVE-2026-6735 * SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set - debian/patches/php-7.1-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call sites in PHP_METHOD(SoapServer, handle) with "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)". - CVE-2026-7261 * SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input - debian/patches/php-7.1-CVE-2026-7568.patch: backport upstream commit 47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's how_far/idx from int to size_t to avoid signed overflow while walking strings larger than 2 GB on 64-bit builds. - CVE-2026-7568
Updated packages:
  • alt-php71_7.1.33-90_amd64.deb
    sha:8fc4d07f2eae24fd0a03f3672cb388e33b7518d4
  • alt-php71-bcmath_7.1.33-90_amd64.deb
    sha:f062b67097e4f980c294a23aaa7c56de033e5088
  • alt-php71-cli_7.1.33-90_amd64.deb
    sha:e2dc6a27d568f98a7a18faabf34a00ead5c8c4a9
  • alt-php71-common_7.1.33-90_amd64.deb
    sha:b6414a59ac11150762212828d0e510f564d8ff3a
  • alt-php71-dba_7.1.33-90_amd64.deb
    sha:c7fa0ce158606b84cce6acd891edd404e13e1f93
  • alt-php71-dev_7.1.33-90_amd64.deb
    sha:6beb1ffc803aa3f1d211407e0f0aad15ba27d73f
  • alt-php71-enchant_7.1.33-90_amd64.deb
    sha:3410b6756568ceaca49896bda95f63bc9f618030
  • alt-php71-firebird_7.1.33-90_amd64.deb
    sha:430efc5650367bb656221bd20633b50af0f62435
  • alt-php71-fpm_7.1.33-90_amd64.deb
    sha:e2879c731fcb215a847c647b8a97a2de07c3f791
  • alt-php71-gd_7.1.33-90_amd64.deb
    sha:6bb5cedb3106b00081d8663813dcd300691e301f
  • alt-php71-imap_7.1.33-90_amd64.deb
    sha:017f78278b7a870a217bd1c988f2bd648d370004
  • alt-php71-intl_7.1.33-90_amd64.deb
    sha:4a6391a2daa8a841f2cbacb3773a98492107cece
  • alt-php71-ldap_7.1.33-90_amd64.deb
    sha:1ced3ddeec40e12e5a06649a2aba1b23d6a869a1
  • alt-php71-mbstring_7.1.33-90_amd64.deb
    sha:c550848a03811455b131509dbca383e04e79b78e
  • alt-php71-mcrypt_7.1.33-90_amd64.deb
    sha:02e00bae4e8000dfe60b57edaface934e174e364
  • alt-php71-mysqlnd_7.1.33-90_amd64.deb
    sha:1e028c01303049d193ae7809e96941006db1b00e
  • alt-php71-odbc_7.1.33-90_amd64.deb
    sha:4229ecb7cb7630c1adb059e36a58c943bc62fa92
  • alt-php71-opcache_7.1.33-90_amd64.deb
    sha:88da0d555296dbe3ac4459d3a9a1e473f430fb62
  • alt-php71-pdo_7.1.33-90_amd64.deb
    sha:6f1eaf5489a71255faba4db73a5a71ccd6fb70f8
  • alt-php71-pgsql_7.1.33-90_amd64.deb
    sha:130e8cce34469119555c22c00a95eaf214b7caea
  • alt-php71-process_7.1.33-90_amd64.deb
    sha:41f168c47e25d3e351331310a6401d1c02a7b8a9
  • alt-php71-pspell_7.1.33-90_amd64.deb
    sha:7870af2a41d2c635f78acd616f7403203c92e60a
  • alt-php71-recode_7.1.33-90_amd64.deb
    sha:98b8bc1e6aced5323dc41704d449c1bdb20280dd
  • alt-php71-snmp_7.1.33-90_amd64.deb
    sha:705544a47b42a9f87f6dc19c8980e05d5f00a8da
  • alt-php71-soap_7.1.33-90_amd64.deb
    sha:f404ccff4d32e0034187436ce0fb38e811e9adc8
  • alt-php71-tidy_7.1.33-90_amd64.deb
    sha:eaf63d75fcf0f4a6429160a9ae77e9073dae616d
  • alt-php71-xml_7.1.33-90_amd64.deb
    sha:9d25d0f68f298921d6e0f5781be98e4f93929340
  • alt-php71-xmlrpc_7.1.33-90_amd64.deb
    sha:11ef27ccd75502c863333ef1194ebc5eb345444f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.