[CLSA-2026:1779447806] Fix of 5 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-22 11:03:31 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys - debian/patches/php-7.1-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to ZVAL_PTR_DTOR. - CVE-2026-6722 * SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element - debian/patches/php-7.1-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue). - CVE-2026-7262 * SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri - debian/patches/php-7.1-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc.request_uri with php_escape_html_entities_ex() and fix the broken "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag constants evaluates to 0). Adapted to 7.x layout (struct access "proc.X", single encode flag, older 6-arg php_escape_html_entities_ex signature). - CVE-2026-6735 * SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set - debian/patches/php-7.1-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call sites in PHP_METHOD(SoapServer, handle) with "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)". - CVE-2026-7261 * SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input - debian/patches/php-7.1-CVE-2026-7568.patch: backport upstream commit 47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's how_far/idx from int to size_t to avoid signed overflow while walking strings larger than 2 GB on 64-bit builds. - CVE-2026-7568
Updated packages:
  • alt-php71_7.1.33-90_amd64.deb
    sha:8fc4d07f2eae24fd0a03f3672cb388e33b7518d4
  • alt-php71-bcmath_7.1.33-90_amd64.deb
    sha:a7a71f4a1c6a62a163264fb2b3259de864a15d98
  • alt-php71-cli_7.1.33-90_amd64.deb
    sha:5084116c95d9a13a1c16359682135f2c52b4da1a
  • alt-php71-common_7.1.33-90_amd64.deb
    sha:5097e2e418f746ae362a6b3827701d1adc9a5c8b
  • alt-php71-dba_7.1.33-90_amd64.deb
    sha:08b6ba0731edb95faf8a492874d73a0dd697712d
  • alt-php71-dev_7.1.33-90_amd64.deb
    sha:5f4ce0eeb41be8ad514ca16401a9ac88d66a88bd
  • alt-php71-enchant_7.1.33-90_amd64.deb
    sha:4c1f41ef99fbcd577c64ed94d1607d618b60ebeb
  • alt-php71-firebird_7.1.33-90_amd64.deb
    sha:a4d1af5f6e8da712c041ef85c7f52deb0271b820
  • alt-php71-fpm_7.1.33-90_amd64.deb
    sha:b5d535f19bdfd3cad3f43c71688a20cd5e8620c5
  • alt-php71-gd_7.1.33-90_amd64.deb
    sha:d0df7c8276f9f3131a0341c21b5403b0d0579795
  • alt-php71-imap_7.1.33-90_amd64.deb
    sha:fcfcd2040f218f7c52d417c3c3f44e0dd77df41f
  • alt-php71-intl_7.1.33-90_amd64.deb
    sha:cc76674e17daa70b2435f9a8512908de969032cc
  • alt-php71-ldap_7.1.33-90_amd64.deb
    sha:3e41fcaa90158f5d1793e9803564526598651d9e
  • alt-php71-mbstring_7.1.33-90_amd64.deb
    sha:bfdea1c75baabef9fd21d2feec2f33436e4d0120
  • alt-php71-mcrypt_7.1.33-90_amd64.deb
    sha:d5afb13684eb187658a2f692202e23df0e1e657a
  • alt-php71-mysqlnd_7.1.33-90_amd64.deb
    sha:67ba4674bacb4a1a04c0ccb3063b357534c47564
  • alt-php71-odbc_7.1.33-90_amd64.deb
    sha:461bf74877d6042943cf78de326c745490a33ec7
  • alt-php71-opcache_7.1.33-90_amd64.deb
    sha:b3f7f1d0b9b05a56a874bf5921442e6e13a2f2f1
  • alt-php71-pdo_7.1.33-90_amd64.deb
    sha:dda61057ead3bff6376a8281274f929788abebf9
  • alt-php71-pgsql_7.1.33-90_amd64.deb
    sha:90a06e03d3df9c71d9dec53842d9615b38a28f66
  • alt-php71-process_7.1.33-90_amd64.deb
    sha:516f30153e7fbea189ae143617a3e09b208a0582
  • alt-php71-pspell_7.1.33-90_amd64.deb
    sha:fae340f338327f8c200d58c22b41c29f11bf5f18
  • alt-php71-recode_7.1.33-90_amd64.deb
    sha:10910c4f305f47dd0407cf4fd43a94083294ccdf
  • alt-php71-snmp_7.1.33-90_amd64.deb
    sha:26f3f2b551c2451a8bfab89f8ba4a32d78ed86ef
  • alt-php71-soap_7.1.33-90_amd64.deb
    sha:2761c36ed377045ae8338ebba6075595b223b83c
  • alt-php71-tidy_7.1.33-90_amd64.deb
    sha:b0987f84979b56bdc1243136473ae9dcdea73dcb
  • alt-php71-xml_7.1.33-90_amd64.deb
    sha:682da98ba3419e88a6e1f79a709ac04c20792d75
  • alt-php71-xmlrpc_7.1.33-90_amd64.deb
    sha:3c11e7a0c8a1d62e226376e89520e568c83f6e0b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.