[CLSA-2026:1779121308] php: Fix of 3 CVEs
Type:
security
Severity:
Critical
Release date:
2026-05-20 14:08:15 UTC
Description:
- CVE-2026-7258: fix signed-char passing to ctype.h functions in urldecode and url parsing (GHSA-m8rr-4c36-8gq4) - CVE-2026-7262: fix NULL check in to_zval_map() using wrong variable xmlKey instead of xmlValue, causing crash in SOAP typemap decoding (GHSA-hmxp-6pc4-f3vv) - CVE-2026-7568: fix signed integer overflow in metaphone() by switching w_idx/idx/how_far from int to size_t in ext/standard/metaphone.c
Updated packages:
  • php-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:6e0b3eb5223a9931585282953353a823e132dac984931d42f77d3f8719b0e4ae
  • php-bcmath-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:981bcef9e8b730eb320ca1be21320a0a67fcf77d87e638af4dd75397307701b5
  • php-cli-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:aa5e229fe0dace152253e8107ab0249a5c4d6bafde44f52b6eda3e16b7ad3b97
  • php-common-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:0e444d1563c36ef43c74ab99baa57ae8853ff79c1ce974a544850ca8f3da436e
  • php-dba-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:dac883eb1e09a6821e9da3b5e2a506c1393019a0f84a36655e5e8e36c19d4b00
  • php-dbg-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:d3d0dabefbbe3b862e49ac6ccbba6ffadbc911784963cb51aa290a12f26a9614
  • php-devel-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:3c0482c6dd788cbcabf6f602c98aa70b1b6dacb2619a48da333649e3dd4dad13
  • php-embedded-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:e06ca5b8e15cd6a18c2260dfe4c960b95cbe7fe0e6197570ae1b405ad09e052f
  • php-enchant-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:3ee6b4b32edb455ead36b84dfc70602022856db284b86e912e58f96c4c713e6c
  • php-ffi-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:9ee5dcd7d2e495feab6b79f9c6ace1ea0f02ec5f8658f4c1216381850bfdbd1e
  • php-fpm-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:6deab6c8a72db348c05e165efba73a2fa0771e1cc4880ea767d5b3080951aee0
  • php-gd-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:23ff003b2f8b08028a9202807982738c32178d1909151e684f86a1dcbeb93673
  • php-gmp-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:8214b3efd3726648cf31ac429a16b309cb65ca4b57deb2fde58d29ff016a9474
  • php-intl-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:0e63e80742b8853ebadac4f1c8d937d978a3347dde8a2d3f462d063ef2a6dfd8
  • php-ldap-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:8ab8d3109b2959201279353bf598e1031379df5b8bb74d23a6b3b1ffbc62bba0
  • php-mbstring-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:624eea15ae801f0e4caaf840d738b9d586906b27170c683e0e6d477c7855142d
  • php-mysqlnd-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:05c5244f67749b4db2bf4e2af0f3dd39fa0d839e212e409e14f69b97ea5f5eca
  • php-odbc-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:63fb2247eadf049e79e2d5db086b10a9312a82840f8c3a9d60ab6cfea9f47b17
  • php-opcache-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:9303d0c56ceb16146af3dcb5a28b68f3f40d00cb0558b53106a498a7b2fcd22f
  • php-pdo-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:7d23776efd552b8d310be15831704571c78126fed8bf5515443f32945308cd8b
  • php-pgsql-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:078679bb6cc13e7a9ffd49eb4b1e3b0d699cfe1e57c5becc8ff1e908e58dfd80
  • php-process-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:7db64d61d56bcfb9a91f2c756b9a5900c5f82fe7d2475c023d40f60b01f8baac
  • php-snmp-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:533b44db6d8d8f7053ab0d4a644291eecdf562462429bd4f7edb7bd3c0f92eeb
  • php-soap-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:a32f72d498e1e6768698520d47b49d38781ca3f3414594622688f49ee2e72924
  • php-xml-8.0.30-1.el9_2.tuxcare.els14.x86_64.rpm
    sha:342375aaeed674e5141103cdd09fd581ac01f94390ed5bf3d21d6d80712570bf
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.