[CLSA-2026:1778788198] Fix of 6 CVEs

Type:

security

Severity:

Critical

Release date:

2026-05-14 19:50:03 UTC

Description:

   * SECURITY UPDATE: fix out-of-bounds read in urldecode() via signed-char to ctype.h (GHSA-m8rr-4c36-8gq4)
     - debian/patches/CVE-2026-7258.patch: fix out-of-bounds read in urldecode() via signed-char to ctype.h (GHSA-m8rr-4c36-8gq4)
     - CVE-2026-7258
   * SECURITY UPDATE: fix stale SOAP_GLOBAL ref_map pointer with Apache Map (GHSA-85c2-q967-79q5)
     - debian/patches/CVE-2026-6722.patch: fix stale SOAP_GLOBAL ref_map pointer with Apache Map (GHSA-85c2-q967-79q5)
     - CVE-2026-6722
   * SECURITY UPDATE: fix broken Apache map value NULL check in soap encoder (GHSA-hmxp-6pc4-f3vv)
     - debian/patches/CVE-2026-7262.patch: fix broken Apache map value NULL check in soap encoder (GHSA-hmxp-6pc4-f3vv)
     - CVE-2026-7262
   * SECURITY UPDATE: fix signed integer overflow of char array offset in metaphone (GHSA-96wq-48vp-hh57)
     - debian/patches/CVE-2026-7568.patch: fix signed integer overflow of char array offset in metaphone (GHSA-96wq-48vp-hh57)
     - CVE-2026-7568
   * SECURITY UPDATE: fix use-after-free after SOAP header parsing failure with SOAP_PERSISTENCE_SESSION (GHSA-m33r-qmcv-p97q)
     - debian/patches/CVE-2026-7261.patch: fix use-after-free after SOAP header parsing failure with SOAP_PERSISTENCE_SESSION (GHSA-m33r-qmcv-p97q)
     - CVE-2026-7261
   * SECURITY UPDATE: fix SQL injection in pdo_firebird quoter via NUL bytes in quoted strings (GHSA-w476-322c-wpvm)
     - debian/patches/CVE-2025-14179.patch: fix SQL injection in pdo_firebird quoter via NUL bytes in quoted strings (GHSA-w476-322c-wpvm)
     - CVE-2025-14179

Updated packages:

libapache2-mod-php7.2_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:53027690bafefb9a0f8d5e67aaaa4e5b4ac435b4
libphp7.2-embed_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:166fc23fcf8ff155d1cbe31b7b701fd5bc3c8194
php7.2_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_all.deb
sha:4721881987372dbeafa91c28ce6ff7eadfd9820c
php7.2-bcmath_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:f694bf868e7c7c6b606abd210530ed0d19a98072
php7.2-bz2_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:5aec113622a9beebf77b84f2093daa79f6b64040
php7.2-cgi_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:8eac95e21572f94f802ba20db00a6e40da7e717e
php7.2-cli_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:701e2e64a1759fd0d930fcd04959e198f352966a
php7.2-common_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:657fda03e1b8742a18975ca2cc0ddffe8b38482c
php7.2-curl_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:8a929fc3c992284133af9fd93653533702efb1c9
php7.2-dba_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:3eb97b14afde7646144ac6dce921642a55c09024
php7.2-dev_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:1d78bbb6e09ace245a77e8a5cecebc213d45cf7d
php7.2-enchant_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:121ebd86661be233264c6bf8095c7f1f2332b526
php7.2-fpm_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:814687efa5429c43c2c5ae4762004b09bcede116
php7.2-gd_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:e6e5b0d1f351ea29ae622ffa2450c4996d7d8864
php7.2-gmp_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:9c3cf5b0ad8ca14e39a3108bb00d195a654cce2e
php7.2-imap_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:13fa9245f2c597866a3f7c9f071859014dedfe51
php7.2-interbase_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:d306a5caf51021104919efc14c9784d69a79762c
php7.2-intl_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:e44932e6789ce6d69b1999b32cff858ea91eaa83
php7.2-json_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:1d18601eb63f26e83a9c6f956dce5ce87fe1d9d5
php7.2-ldap_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:db913d557b46121bf36b0d7a41cc17e5f8a5ec0b
php7.2-mbstring_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:1fdfe9a5f38790bbff642e800666edd86e04421e
php7.2-mysql_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:1c253a6213a5e1831d5b9f0e8fcc0e81994aeb8e
php7.2-odbc_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:5f601e3980857142bde5837b5f3ed47d19f61462
php7.2-opcache_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:236b89381c683b33808832e5d71e6ab7a6631c07
php7.2-pgsql_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:de9e90d378400ff15442f4c9e160cc7b8a4faf3a
php7.2-phpdbg_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:1ae423645911176cddff53343eb816295855efc8
php7.2-pspell_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:fad68779b96b0671855769517cf95ecdd5fd0bc9
php7.2-readline_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:fdd203f095989b7ade65cbefdcd6e7c7c115d2f3
php7.2-recode_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:6e31d1c9a1113dfae996449c1e2cc22fb064a479
php7.2-snmp_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:4397ce66bb508bacd59783eb126b823149c1144d
php7.2-soap_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:0f4cd09d06bde95815eb12cc60abf8cb732b4cb3
php7.2-sqlite3_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:0c06b2bc1fa7b7f2c3e0d82cc244d3e622dae311
php7.2-sybase_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:ca2815bff3c03fafc2671c7beb78bef291a23452
php7.2-tidy_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:09617c00efe5c0a6b4e12fd45ce5a3055e242cbd
php7.2-xml_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:da7f3276bbd1b35d07b49f38d49e0a8fa647df62
php7.2-xmlrpc_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:2943e443c5658335104256a8c3da167e1633c29b
php7.2-xsl_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_all.deb
sha:9e4fb1efe1abe7d7568510a88dd8ae7d82241546
php7.2-zip_7.2.24-0ubuntu0.18.04.17+tuxcare.els15_amd64.deb
sha:db59dc8926b008e28ddc0cb38973dc4ddbee0802

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.