[CLSA-2026:1776971672] php: Fix of 3 CVEs
Type:
security
Severity:
Moderate
Release date:
2026-04-23 19:14:38 UTC
Description:
- CVE-2021-21707: fix NUL byte truncation in XML/DOM URI file loading - CVE-2022-31628: fix phar wrapper denial of service when loading compressed quine archives - CVE-2022-31629: discard HTTP variables that mangle into __Host- or __Secure- prefixes
Updated packages:
  • php-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:de16a61e5f35e6c8c7f7485317fe9f9f5a05b957e2b923040046234a3e53b11b
  • php-bcmath-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:3c72d66b6fa9a02e44b5523e0fa9eabc4154d2ae2ecdb73f6fe6f953928886a2
  • php-cli-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:f2c83cfbc2c0594987d278f69f58d98a557dbce0a58264ec7733ff401c091505
  • php-common-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:40387415f6c82d9f74dece1fb030616c3c8da3fae782428607cdce204c5b7272
  • php-dba-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:8b7d5010b5ef2a0b37bd0efeeac02b27b6aa1bdd1c8929419c75cd835f5357b2
  • php-devel-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:9fdf723ae8b057651c1edc66cceb9074041b1200b50fb1f7e664456c9608665f
  • php-embedded-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:178505e442381248237d98280cdb729286602f7e43c0f06d425c1a2f46797629
  • php-enchant-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:0b6a8f3752baf6eabe387102ef377b2f232edc51e97b7277d6262299a8567525
  • php-fpm-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:9334906ead84582c667532d39222b2eb096d2785d41c5701db01159b28e0765a
  • php-gd-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:ec54b69ced03e71bc5e33a02417d0a05b587cdf0fac00c98695f4512b6ca1b22
  • php-intl-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:cdcda9bf99220a43c43b51ebc21b353cf8172c116ae7f2e370e081272070baba
  • php-ldap-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:22f594df1793bdab9601534fc14fc420329cf43b457573e884b6255e8595a302
  • php-mbstring-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:b61bca4cbe8aa2e459070815b8e9c53a0549b5925aa7fe48dc72edd7fb15b2bd
  • php-mysql-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:1af6f3bddff331d08bfa9d22a82a86d429c9b4005320bea24cc2c04af49ec738
  • php-mysqlnd-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:03c4705845a3455f9a1df42456e190f4b269989f898f5e09f12f0244abe7b86e
  • php-odbc-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:100fc374804f4c360ee29ea9e6c5c00dc8a950519aa70ec97ae033f558b7b375
  • php-pdo-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:fbabea34596c7c3bb0029f372d8323896f285a5d2f44f85bb6bd55b43ab85a07
  • php-pgsql-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:dda74e04c5862d5d9e227e3b47257205eb46fefc3936df8a43a595f5d7fbef2c
  • php-process-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:c95b347bc6200538ff415d0cdba279377fe91229b400b3bea47d980a3d8ff608
  • php-pspell-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:2585ce6e868077a9ebe4386673d8c91a2bf1a7b7b0733612f17fa4a0a2d88caa
  • php-recode-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:01dbe5b8382d9a22ee724fbb16ced7bcc014e423f8944168930de77c249e314c
  • php-snmp-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:9cc9c5e64c7b4ffddafdcfe4e030d753eccb00ac589dba99e2e20ad452d15a98
  • php-soap-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:d1c3ec7ebda42cfcba7497bfd3cda43ca2c441e4ce1b9c2fff0e2790525eebf6
  • php-xml-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:34b54850c5a6f82b812868fafd88bb33f367eedd2265964ad7147cdd5a45845b
  • php-xmlrpc-5.4.16-48.el7.tuxcare.els16.x86_64.rpm
    sha:c2fd9b2607daa560eda10854ae3b0e07d3fc85db40ffa450d5c291cd8afbeb8a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.