[CLSA-2026:1778939818] Fix of 6 CVEs

Type:

security

Severity:

Critical

Release date:

2026-05-16 15:44:59 UTC

Description:

   * SECURITY UPDATE: fix out-of-bounds read in urldecode() via signed-char to ctype.h (GHSA-m8rr-4c36-8gq4)
     - debian/patches/CVE-2026-7258.patch: fix out-of-bounds read in urldecode() via signed-char to ctype.h (GHSA-m8rr-4c36-8gq4)
     - CVE-2026-7258
   * SECURITY UPDATE: fix stale SOAP_GLOBAL ref_map pointer with Apache Map (GHSA-85c2-q967-79q5)
     - debian/patches/CVE-2026-6722.patch: fix stale SOAP_GLOBAL ref_map pointer with Apache Map (GHSA-85c2-q967-79q5)
     - CVE-2026-6722
   * SECURITY UPDATE: fix broken Apache map value NULL check in soap encoder (GHSA-hmxp-6pc4-f3vv)
     - debian/patches/CVE-2026-7262.patch: fix broken Apache map value NULL check in soap encoder (GHSA-hmxp-6pc4-f3vv)
     - CVE-2026-7262
   * SECURITY UPDATE: fix signed integer overflow of char array offset in metaphone (GHSA-96wq-48vp-hh57)
     - debian/patches/CVE-2026-7568.patch: fix signed integer overflow of char array offset in metaphone (GHSA-96wq-48vp-hh57)
     - CVE-2026-7568
   * SECURITY UPDATE: fix use-after-free after SOAP header parsing failure with SOAP_PERSISTENCE_SESSION (GHSA-m33r-qmcv-p97q)
     - debian/patches/CVE-2026-7261.patch: fix use-after-free after SOAP header parsing failure with SOAP_PERSISTENCE_SESSION (GHSA-m33r-qmcv-p97q)
     - CVE-2026-7261
   * SECURITY UPDATE: fix SQL injection in pdo_firebird quoter via NUL bytes in quoted strings (GHSA-w476-322c-wpvm)
     - debian/patches/CVE-2025-14179.patch: fix SQL injection in pdo_firebird quoter via NUL bytes in quoted strings (GHSA-w476-322c-wpvm)
     - CVE-2025-14179

Updated packages:

libapache2-mod-php7.0_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:a505773f3f7ce8a8e73e5677a945f54c90b8205c
libphp7.0-embed_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:da6ed6fdc6a25af93ede7bd004bdde69fdd4cd50
php7.0_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_all.deb
sha:ac78a1daed90da1f786010f4eb8f211c03830bd3
php7.0-bcmath_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:89a76ffb0498dbafd7fdcbb7f4291b638223cc60
php7.0-bz2_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:f5b7ed830aff81361d495b70419519ed913c66f5
php7.0-cgi_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:7d09c22a5a7e6ac1017c334c5e4778d26b136805
php7.0-cli_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:bf267f2493f8524c02fc2ba3c8d2b37449ed4d3f
php7.0-common_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:dc518dc500c769a195b698512a9fdf8683314434
php7.0-curl_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:1ca22d6fb6b18cf82a4206d5c110a01bc11a3b6c
php7.0-dba_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:d7b9cd1473152d7fbf59db13d191e4853e024e45
php7.0-dev_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:0ab3dc37f568a88240d767ef97dcddd476fc6a1b
php7.0-enchant_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:d3d05fdd84730a7affab2b47a3c8b88b10b84923
php7.0-fpm_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:a8439b5988c30792334d9ab1486f5557d58a5bb0
php7.0-gd_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:df1d649d019d3cc31275979724c13e5da107f67c
php7.0-gmp_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:3ff40982c117c7de9b09d7999fbb3757a7b7558b
php7.0-imap_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:e7005b0b6693d0b47a824c44698ea9e96fd3b07d
php7.0-interbase_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:ebdac8c5b94fbb19a8cdf7775d2307a36fa58620
php7.0-intl_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:323384abefe7ee50cf63d0a06f09d78c0ea6d6ca
php7.0-json_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:7b8bf959b5a2bc3984a348cfa3ae2a770f36962f
php7.0-ldap_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:055fbd2b1b3b920fa2eefb0c283cecc53d258f18
php7.0-mbstring_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:87c6be2de523341253df1d88b199bfe1d05732de
php7.0-mcrypt_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:ba185e010f19a562d76bc95b10fcd1cba38bbf49
php7.0-mysql_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:a73af6a4b6316ac2e06522679ee3da3877e6e64c
php7.0-odbc_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:c41e37250f6a14962fa660bdfe1440c9b2abb6c0
php7.0-opcache_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:deb8e7feb07f0ac78337e32c76bb89b40044518d
php7.0-pgsql_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:1c2e11d5c7b895d002ee391af653f9e21e5fb0bd
php7.0-phpdbg_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:aa71c7b73a73893b3161e4ace4cdd81d89dac607
php7.0-pspell_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:0fa7be26e2085b838fdb7f86c6bfe46694f8aecb
php7.0-readline_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:c61b0021680aaecd86e32dfab36c329c5e1df39d
php7.0-recode_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:70b8f15647c9125a82903efb1c34d9017e3be508
php7.0-snmp_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:03848be37d8b922520e4e0c75638eab57fdaf8de
php7.0-soap_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:639b275eb0e6eb7f9ee2ec82425ae40a7c84fdc5
php7.0-sqlite3_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:46b7737dfb7a281ffad52013fb6f389e5784f711
php7.0-sybase_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:9f5312e915135fd9569330f64d67c381861ecb81
php7.0-tidy_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:0a499883e8a2581e6bc668b624cee3f5a7acdd74
php7.0-xml_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:2ab574b73804e62d498caa27bab621656eb0b9a0
php7.0-xmlrpc_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:c3403d75f23607bcd228cc1e7bc200ea3ab1065e
php7.0-xsl_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_all.deb
sha:1f1514044c5bc754e083f28583e0b6b5bbe9e672
php7.0-zip_7.0.33-0ubuntu0.16.04.17+tuxcare.els22_amd64.deb
sha:f0a8e78358787503518b046a54f3b3831634d527

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.