[CLSA-2026:1779449836] Fix of 5 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-22 11:37:20 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys - debian/patches/php-7.3-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to ZVAL_PTR_DTOR. - CVE-2026-6722 * SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element - debian/patches/php-7.3-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue). - CVE-2026-7262 * SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri - debian/patches/php-7.3-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc.request_uri with php_escape_html_entities_ex() and fix the broken "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag constants evaluates to 0). Adapted to 7.x layout (struct access "proc.X", single encode flag, older 6-arg php_escape_html_entities_ex signature). - CVE-2026-6735 * SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set - debian/patches/php-7.3-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call sites in PHP_METHOD(SoapServer, handle) with "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)". - CVE-2026-7261 * SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input - debian/patches/php-7.3-CVE-2026-7568.patch: backport upstream commit 47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's how_far/idx from int to size_t to avoid signed overflow while walking strings larger than 2 GB on 64-bit builds. - CVE-2026-7568
Updated packages:
  • alt-php73_7.3.33-59_amd64.deb
    sha:2e88b0894e71d372a0aca013aadd89ce7bac9c60
  • alt-php73-bcmath_7.3.33-59_amd64.deb
    sha:56153c4a3242f3d53080f80a6ee1af098c737134
  • alt-php73-cli_7.3.33-59_amd64.deb
    sha:a877b3fdc3d7427cd1bfee6def1d333278466409
  • alt-php73-common_7.3.33-59_amd64.deb
    sha:501a798903afa452caadb601d575e21ada10a8b6
  • alt-php73-dba_7.3.33-59_amd64.deb
    sha:daf047f19474bd53887e5fbc19fd0f249bb05f24
  • alt-php73-dev_7.3.33-59_amd64.deb
    sha:1de0a87f27685f2f98f2589ae4a415b55f87d7fc
  • alt-php73-enchant_7.3.33-59_amd64.deb
    sha:575ed3a56ac223a1feb74c79243a7733cc294e14
  • alt-php73-firebird_7.3.33-59_amd64.deb
    sha:74cc021f1fc50ba431392c47469221e09064c227
  • alt-php73-fpm_7.3.33-59_amd64.deb
    sha:e4baec48a6936458c33dd331552a868f112fd3a6
  • alt-php73-gd_7.3.33-59_amd64.deb
    sha:5f4ea6c5d8b66ebad5f6d77ddf9ca3bcb090edbc
  • alt-php73-imap_7.3.33-59_amd64.deb
    sha:4dbdbded02188ea087497a438e1f674270983011
  • alt-php73-intl_7.3.33-59_amd64.deb
    sha:898d843add31751c3a6898b4366e0a70fb902005
  • alt-php73-ldap_7.3.33-59_amd64.deb
    sha:7ce945acd856684730dacece42575bef47dfb48a
  • alt-php73-mbstring_7.3.33-59_amd64.deb
    sha:0c4b4a3bebbdc048543061e54d2e75e4e6a06773
  • alt-php73-mysqlnd_7.3.33-59_amd64.deb
    sha:0f78400c4fa7d791993ad34f7c6c2505e1ac692c
  • alt-php73-odbc_7.3.33-59_amd64.deb
    sha:4c7ce56a7583e5b0646feb3eee67d2964059c31d
  • alt-php73-opcache_7.3.33-59_amd64.deb
    sha:5824533a5dd224eff91a2172dafb0604ae32b5e5
  • alt-php73-pdo_7.3.33-59_amd64.deb
    sha:67c5543b612659ec0cc2f16f130eb4af053d014b
  • alt-php73-pgsql_7.3.33-59_amd64.deb
    sha:09f156f62ad734bb9a4b82d3ae39c73338da4eb8
  • alt-php73-process_7.3.33-59_amd64.deb
    sha:e204269803b5ed1ec1a1f7ccd25a2824b15154f5
  • alt-php73-pspell_7.3.33-59_amd64.deb
    sha:14454f534f6f5d53951f6ec88f25f75ae03f476d
  • alt-php73-recode_7.3.33-59_amd64.deb
    sha:3f2319b656646b2022652d6d0d5ff69fcb0918e0
  • alt-php73-snmp_7.3.33-59_amd64.deb
    sha:e279813ed2d7eec0de8403b0227943f9e99fe098
  • alt-php73-soap_7.3.33-59_amd64.deb
    sha:4d7aad0e9187f82b3b567c4deb37c25294eaa89a
  • alt-php73-sodium_7.3.33-59_amd64.deb
    sha:1df5da449b888dc3ddb901d078385b43a4f78819
  • alt-php73-tidy_7.3.33-59_amd64.deb
    sha:d87674f9c1e16fa4c7f52a8384d65d44274d3717
  • alt-php73-xml_7.3.33-59_amd64.deb
    sha:9a9cda706eb2f6445a07e11aea2ef446d6d45fbe
  • alt-php73-xmlrpc_7.3.33-59_amd64.deb
    sha:40e59db975faf0279162f34f4e5288812feb19a2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.