[CLSA-2026:1778787692] Fix CVE(s): CVE-2026-7258, CVE-2026-7262, CVE-2026-7568

Type:

security

Severity:

Critical

Release date:

2026-05-14 19:41:39 UTC

Description:

   * SECURITY UPDATE: NULL pointer dereference in SOAP apache:Map decoder
     - debian/patches/CVE-2026-7262.patch: fix wrong variable checked in
       to_zval_map() NULL check, changing if (!xmlKey) to if (!xmlValue)
     - CVE-2026-7262
   * SECURITY UPDATE: Signed integer overflow in metaphone() char array offset
     - debian/patches/CVE-2026-7568.patch: widen w_idx in metaphone() and
       how_far/idx in Lookahead() from int to size_t in
       ext/standard/metaphone.c to prevent signed overflow on inputs
       exceeding 2^31 bytes
     - CVE-2026-7568
   * SECURITY UPDATE: Denial of service via signed char passed to ctype functions
     - debian/patches/CVE-2026-7258.patch: consistently cast chars to
       unsigned char before all ctype.h calls (isxdigit, isdigit, isalpha,
       isalnum, isspace, tolower, toupper) across 54 files including
       ext/standard/url.c (php_url_decode, php_raw_url_decode) and
       ext/standard/formatted_print.c, Zend/zend_virtual_cwd.c, and others
     - CVE-2026-7258

Updated packages:

libapache2-mod-php7.4_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:b1bab3c52b467b3a0ba7c1ba2b927fb31d6ca88a
libphp7.4-embed_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:c6521eb272145ba02c6dbffa265bb7d1456caf1f
php7.4_7.4.3-4ubuntu2.29+tuxcare.els4_all.deb
sha:b38000ba49bcd8d6b134b7f816789394b4b026bf
php7.4-bcmath_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:075233d5718569dabce7c861fbbf8e51ac7e4766
php7.4-bz2_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:a255eaf0a567bd23cbc4c14cf02a63b3b14f33f0
php7.4-cgi_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:d7ba6ab1cff2bd049a370e50efa9b5d2e180ad95
php7.4-cli_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:6946a4783ec535fd56341d38bc34d5b218e81afc
php7.4-common_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:fc8faf32a4bf6618def9860dc5ce7989cb103ec8
php7.4-curl_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:3ec4e0d0c1cdc9ede6d0f227c07d7060fca586a3
php7.4-dba_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:6c3d39961bb0d90fd2e1388921df17f3e57f5421
php7.4-dev_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:c2cfa1dbc6d1036c46fd630cdc1bdb4ddd047723
php7.4-enchant_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:5c25eb81a3a87b0625ea3657714f43f3f2040540
php7.4-fpm_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:5b0904e0a5ec380e7789f17faeff0b3925873f68
php7.4-gd_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:606f31674c8bc20c0e299e8e62dbbe49ffbe780c
php7.4-gmp_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:c66414cb8f1bff5153b078c578257d74568f0e33
php7.4-imap_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:39f7baf6e05151bbc6b58626e4856071fd55a6eb
php7.4-interbase_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:19e3584caf393d5ef76e571aa991dd5bb0c4159b
php7.4-intl_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:725559e2550cf34304b3745ce9241c6e1229b80c
php7.4-json_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:1b20bb2bb94ea6f89d0093f1aa16871ac55d2819
php7.4-ldap_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:3e3b775bc1d548faa6b6d906889ecd53564b3889
php7.4-mbstring_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:3f1eacbeff20c26cdef4fb0770233fe9cabbeb05
php7.4-mysql_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:68ffd99fe08d135c1f0910abe4554a99e17d556d
php7.4-odbc_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:61b40d96034b944c9804c45d1976b1351aa2616e
php7.4-opcache_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:59f03bd76df5a535155c4eabd83998499fd8058f
php7.4-pgsql_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:f20ed7836b1fa546e041bfb1efca08fe97e0cd33
php7.4-phpdbg_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:a1bf28a316225ac9254f24c1862f4bcd1e1788b2
php7.4-pspell_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:3e841c831632036636e65cbe2f04755c8fde6e4b
php7.4-readline_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:d541eccd3658d020e3d0a17195199c071f76d3e7
php7.4-snmp_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:0b17e5b8d3dc6f404602a57966d04823c5df0221
php7.4-soap_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:05bfe974df09dba090cf8638d801ebae1ff5aeda
php7.4-sqlite3_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:332522457dc5667d3fb6d82c587d27c91f548338
php7.4-sybase_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:8716099087a01187c5b318aacd3c77f4333ae6b0
php7.4-tidy_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:693a949003b15d4359a45b1266ae16671ef7dfcd
php7.4-xml_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:addca5394ab32de3128262a8220bbb908238812b
php7.4-xmlrpc_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:398d911745bb05984abb09a19861f21b3e1b9af6
php7.4-xsl_7.4.3-4ubuntu2.29+tuxcare.els4_all.deb
sha:2e6370c0f7f37391c10a0b5c592396fd6f4d6439
php7.4-zip_7.4.3-4ubuntu2.29+tuxcare.els4_amd64.deb
sha:13e2f4cf08f4a5d31e3dee0254be76cd4c5006be

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.