CLSA-2026:1779125894

[CLSA-2026:1779125894] php: Fix of 7 CVEs

Type:

security

Severity:

Critical

Release date:

2026-05-18 17:38:19 UTC

Description:

- CVE-2026-7258: fix out-of-bounds read in urldecode() via signed-char to ctype.h (GHSA-m8rr-4c36-8gq4)
- CVE-2026-6722: fix stale SOAP_GLOBAL ref_map pointer with Apache Map (GHSA-85c2-q967-79q5)
- CVE-2026-7259: fix null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() (GHSA-wm6j-2649-pv75)
- CVE-2026-7262: fix broken Apache map value NULL check in soap encoder (GHSA-hmxp-6pc4-f3vv)
- CVE-2026-7568: fix signed integer overflow of char array offset in metaphone (GHSA-96wq-48vp-hh57)
- CVE-2026-7261: fix use-after-free after SOAP header parsing failure with SOAP_PERSISTENCE_SESSION (GHSA-m33r-qmcv-p97q)
- CVE-2025-14179: fix SQL injection in pdo_firebird quoter via NUL bytes in quoted strings (GHSA-w476-322c-wpvm)

Updated packages:

php-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:38d6cb6f670146e7708f405a9236f06a8a95f65f0a085d7d1870304b2c14864d
php-bcmath-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:2763c94a5603d8c45ab01a282e71854a519898c97fd847023742e3a0190acc95
php-cli-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:67a0157db8bc8252ffac020ff15d7e0b2d61fe9b4e5ce42b18a924c2ef309a99
php-common-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:bf6d84ebdf72692f242cd8a3bfe68633ac178a1ffc8ccec6429acbb738ec9e42
php-dba-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:c1a4fa7ab7216201ef200c4f112943fe8d96145b0153ff87bc9adf850abb1e6b
php-dbg-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:d02a6beb671554e86c3b3131c4fa03cf4096e5da5662fae432524fdb2d78bc27
php-devel-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:8d8dc0ce7ef01989bd97657225120a9101f232d16053fa6b4615832e86a47f7b
php-embedded-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:b61fa0b478b1ffcbe9d18f6294db24c83e24408ce4647b6b2e5f12b80d9d0028
php-enchant-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:a008cad5d6dd6ef5656f7ad67d6756c97e442ddaa5d1b037f602a4498e7c1ef2
php-ffi-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:072f9895ce0082a990e3f8525255b9fe6b125b54adc90fc1a58417484ec920dd
php-fpm-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:3cd16000f75b138d1eb4de30f711fad4cdb4100cf1fc6da375586a6822ad760d
php-gd-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:1e8f8d5139597bd96878ed1550ae4cf1ae4e8ad24316ad29c7bf03916b018b04
php-gmp-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:fa1a0ca84d4dffd47c102eb22fa2350d1567e20e65b67f1b504d710ebe488149
php-intl-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:565a0555eda6322f9e0f6793416124ad92d5b8dd690894c061a66d1c31a2d790
php-ldap-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:5651e83937d952585c90391a704dc6ea7823ee3b3dcc663bb74d74ba31bbca82
php-mbstring-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:2109d119965df6ee7403d3190b3d91e626b58273fc3894023f9624238bd2e558
php-mysqlnd-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:23ccb20e27b1e4571e6b3a48aaf3c6429f86dcfa3d12d842d6d4c14d57825579
php-odbc-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:7d171539394b4f14f1e2cf3e45cee4390387927f36ba4512b7fb43484ccedc9d
php-opcache-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:e715554fc5ec2b000e28ac8a68cd440da32493bf55cf1e2c23d9b0ef9b35b284
php-pdo-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:49af6d6be8ea60671ee8eaf3f195745387fc4eec10f933a412e2cc905432c75e
php-pgsql-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:5b5deec25a4325903ffac1ae46de2fd6e2a7b19667ba283f72fd37a8dd74a4ba
php-process-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:0585101aeb3729c68eca18d3cdb6d9a8bd63d16549fbe115914163953513997e
php-snmp-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:8eb16093214f57317dd75d555620634d31c4e3caf5c2ccb9224f29355d55090e
php-soap-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:75ca77d2566ade08dda2b9623642b8e728b4406debe899da70e1fb5285e5111b
php-xml-8.0.30-3.el9_6.tuxcare.els5.x86_64.rpm
sha:fcecc3e06b32a0e189cccd59aab233734e9019389b81986a66b59b19d4161439

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.