[CLSA-2026:1779206303] Fix of 7 CVEs
Type: security
Severity: Critical
Release date: 2026-05-19 15:58:28 UTC
Description:
* SECURITY UPDATE: soap extension use-after-free via apache:Map duplicate keys
  - debian/patches/php-8.1-CVE-2026-6722.patch: backport upstream commit aee3b3ac9b in ext/soap/php_encoding.c — add Z_TRY_ADDREF_P on soap_add_xml_ref insertion and change SOAP_GLOBAL(ref_map) destructor to ZVAL_PTR_DTOR.
  - CVE-2026-6722
* SECURITY UPDATE: pdo_firebird SQL injection via NUL bytes in quoted strings
  - debian/patches/php-8.1-CVE-2025-14179.patch: backport upstream commit 3f40b65323 in ext/pdo_firebird/firebird_driver.c — replace strncat/strncpy/strcpy in preprocess() with memcpy plus explicit length tracking.
  - CVE-2025-14179
* SECURITY UPDATE: soap extension NULL pointer dereference via apache:Map item missing element
  - debian/patches/php-8.1-CVE-2026-7262.patch: backport upstream commit 79551ab8b1 in ext/soap/php_encoding.c — fix typo'd null check in to_zval_map() (was checking xmlKey, should check xmlValue).
  - CVE-2026-7262
* SECURITY UPDATE: php-fpm status endpoint XSS via unescaped request_uri
  - debian/patches/php-8.1-CVE-2026-6735.patch: backport upstream commit 99a5ad7441 in sapi/fpm/fpm/fpm_status.c — escape proc->request_uri with php_escape_html_entities_ex() / php_json_encode_string() and fix the broken "ENT_HTML_IGNORE_ERRORS & ENT_COMPAT" flag (bitwise-AND of two flag constants evaluates to 0). Applies with line offsets only against PHP 8.1.34.
  - CVE-2026-6735
* SECURITY UPDATE: mbstring NULL pointer dereference in php_mb_check_encoding() via mb_ereg_search_init()
  - debian/patches/php-8.1-CVE-2026-7259.patch: backport upstream commit 79a054eae0 in ext/mbstring/php_mbregex.c — resolve the mbfl encoding before storing it in MBREX(current_mbctype_mbfl_encoding) and return FAILURE if NULL (encodings supported by Oniguruma but not mbfl such as iso-8859-11, UJIS, KOI8-R).
  - CVE-2026-7259
* SECURITY UPDATE: soap SoapServer use-after-free after header parsing failure when SOAP_PERSISTENCE_SESSION is set
  - debian/patches/php-8.1-CVE-2026-7261.patch: backport upstream commit db2a7f9348 in ext/soap/soap.c — guard both zval_ptr_dtor(soap_obj) call sites in PHP_METHOD(SoapServer, handle) with "if (service->soap_class.persistence != SOAP_PERSISTENCE_SESSION)". Adapted to 8.1's fault path (extra zend_string_release(fn_name) before each dtor).
  - CVE-2026-7261
* SECURITY UPDATE: metaphone() signed integer overflow on >INT_MAX input
  - debian/patches/php-8.1-CVE-2026-7568.patch: backport upstream commit 47def8ce1d in ext/standard/metaphone.c — retype w_idx and Lookahead's how_far/idx from int to size_t to avoid signed overflow while walking strings larger than 2 GB on 64-bit builds.
  - CVE-2026-7568
Updated packages:
  • alt-php81_8.1.34-13_amd64.deb
    sha:2b211499506d4afa43ea1e0bda65b07fa333c89f
  • alt-php81-bcmath_8.1.34-13_amd64.deb
    sha:92eb0d0b2e050dcf8f728d7a1c998a5e6734979d
  • alt-php81-cli_8.1.34-13_amd64.deb
    sha:034f5e63c2e2d92626c881b166a25dfda6218241
  • alt-php81-common_8.1.34-13_amd64.deb
    sha:d9abcd5d15a079df5f39221884d167fca4560b4e
  • alt-php81-dba_8.1.34-13_amd64.deb
    sha:020bc9ab5ea6d75c75fbdf4481c934fa9164d06c
  • alt-php81-dev_8.1.34-13_amd64.deb
    sha:6311e127964bff640b2d8fef6cc050366f192a3b
  • alt-php81-enchant_8.1.34-13_amd64.deb
    sha:fcae489268d759c67f2239f63b827d577f5c14bf
  • alt-php81-firebird_8.1.34-13_amd64.deb
    sha:c99c03c52ac64fc545f53bfdd20715b394199f96
  • alt-php81-fpm_8.1.34-13_amd64.deb
    sha:720b81b6a668940cf7e6de851f933b858a1df821
  • alt-php81-gd_8.1.34-13_amd64.deb
    sha:9d95f56d0be20ec90189cafc77d6f2c70c7e1f71
  • alt-php81-imap_8.1.34-13_amd64.deb
    sha:064253c65ee6f2acd33753f6c59db7d9c8e7dc80
  • alt-php81-intl_8.1.34-13_amd64.deb
    sha:ff45b134fe52dd1dd7206063341c05e187ef5501
  • alt-php81-ldap_8.1.34-13_amd64.deb
    sha:fd843cdb73f25fb41bc8717a5b6c17bf23283189
  • alt-php81-mbstring_8.1.34-13_amd64.deb
    sha:b0a82244a567fe39d4a9eae7b24ac9bed64c69ba
  • alt-php81-mysqlnd_8.1.34-13_amd64.deb
    sha:a6948f3ea25b91f07c7ffe23c27120129a26815e
  • alt-php81-odbc_8.1.34-13_amd64.deb
    sha:b38a859251fc64243dd5959282811bcb46d26462
  • alt-php81-opcache_8.1.34-13_amd64.deb
    sha:a597035f409b313878376a80facae318866a2684
  • alt-php81-pdo_8.1.34-13_amd64.deb
    sha:806e9afda0e4c550215d57656ff6f593bdc736f1
  • alt-php81-pgsql_8.1.34-13_amd64.deb
    sha:6a7b305c647952345f3031d3ab6d18f582426dd2
  • alt-php81-process_8.1.34-13_amd64.deb
    sha:f1332b5ab01440e062b6df7f78ef946c506e2d9e
  • alt-php81-pspell_8.1.34-13_amd64.deb
    sha:c22f898dd9ae09b460ed3ac27fb4c96c558ec5e2
  • alt-php81-snmp_8.1.34-13_amd64.deb
    sha:448c555b903f469f41b1d085c27b03c445c15d7b
  • alt-php81-soap_8.1.34-13_amd64.deb
    sha:ae1adf25eeada0a167ef4b4a5ca6820bc8180312
  • alt-php81-sodium_8.1.34-13_amd64.deb
    sha:ef35b7ffa6089500e2de802305917a7d2b3242a2
  • alt-php81-tidy_8.1.34-13_amd64.deb
    sha:20e82cbd8e5114581bad4c8ee99eea392a6c185e
  • alt-php81-xml_8.1.34-13_amd64.deb
    sha:88f46f5a4798523d2ee2924954414c30958647d6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.