[CLSA-2026:1776856106] Fix CVE(s): CVE-2019-13224, CVE-2019-19246
Type:
security
Severity:
Critical
Release date:
2026-04-22 11:08:31 UTC
Description:
* SECURITY UPDATE: use-after-free in oniguruma onig_new_deluxe() - debian/patches/CVE-2019-13224.patch: reject mismatched encodings in ext/mbstring/oniguruma/regext.c so onig_new_deluxe() returns ONIGERR_NOT_SUPPORTED_ENCODING_COMBINATION instead of calling the buggy conv_encoding() path. - CVE-2019-13224 * SECURITY UPDATE: heap buffer over-read in oniguruma str_lower_case_match - debian/patches/CVE-2019-19246.patch: add bounds check (t >= tend) inside the lowlen loop of str_lower_case_match in ext/mbstring/oniguruma/regexec.c before dereferencing t. - CVE-2019-19246
Updated packages:
  • libapache2-mod-php7.0_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:67f74d3f8a82b4e22ab6d42b13cd5ddbfabdebb3
  • libphp7.0-embed_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:a89a70d55c593ba8163274382e9411c9dc6a5083
  • php7.0_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_all.deb
    sha:83f4349ea7832e3dd43717798c14506092590950
  • php7.0-bcmath_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:d2e527ae1e2e7cd65ebd8f241c23057ea0c67082
  • php7.0-bz2_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:f29ab4a4e40529cff85b38027103c34785cf4af8
  • php7.0-cgi_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:84737549f9da0b2f684376f8917d65278ad64054
  • php7.0-cli_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:9e01f1033236611c92795a9bc62cbfedd6a0f3ce
  • php7.0-common_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:42ac2c2eb5d50a8460391d3cf7e1313c4699bdda
  • php7.0-curl_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:2282aac39b8e411c52bebc81871f4e778de08dee
  • php7.0-dba_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:d24bc9273d678ec5248647e0cb826bae6ceaa500
  • php7.0-dev_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:511ef0087bec69895d9666f9cfdadf0be558a41f
  • php7.0-enchant_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:fb4c52038c2c8f310da0391dbb46c5022ae28634
  • php7.0-fpm_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:1a7f32c95cfdfde96d6a3bbd5e05e01b718bb499
  • php7.0-gd_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:a284bc0e1a8e4fbe09b54a1646d6b865438702aa
  • php7.0-gmp_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:d4f32d307c690d72382b91431f837d485c7b8799
  • php7.0-imap_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:03e5f2d2b5b6cd0bfa4cb5306fa2fa81e4014592
  • php7.0-interbase_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:1e913b253a271f598938b190dc544b28530c3681
  • php7.0-intl_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:cf422efc170dc0c6c0551e59fcfb6907f1157878
  • php7.0-json_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:ac9dd23255cd106a8aa46e9fb7f8d8004a3830c7
  • php7.0-ldap_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:1853237f8ef503f9a4b9915b2b536ba5884deb0f
  • php7.0-mbstring_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:66f104ea3364753f9a03d96a50ef4105c29be018
  • php7.0-mcrypt_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:477649c279ed43d971779bce9e31797f2b7850ec
  • php7.0-mysql_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:5dcb5301b63a26ff714fab064220bc2d807c8858
  • php7.0-odbc_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:b44dc840303ad8609d54915bb7f87f58899b27d4
  • php7.0-opcache_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:0372f37ecbae9486c88245f7f421b7cc5a5c1fce
  • php7.0-pgsql_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:0a292dc243d119e57fb20faac3e6a39d103a7f92
  • php7.0-phpdbg_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:a00a737426350eaee2e075820cf8eb3778ba4a3c
  • php7.0-pspell_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:9b98f75815aca11681553ccd855d132abddd06ea
  • php7.0-readline_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:aca781e22ba6f9b9ca3077d17126974e0c64f055
  • php7.0-recode_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:ab0b1a48019bf65e8376d586e9884aeea07b85c1
  • php7.0-snmp_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:111bf1140a6bb816fa854c3e2d8cbf8d1a238418
  • php7.0-soap_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:f64aed95e8f9fbebd507391db6c3913f458dcbd8
  • php7.0-sqlite3_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:ac6af510c3d93c285f59bb36ceb81b2c4995fff8
  • php7.0-sybase_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:daf01db4a0cd72d9835adfa0ab034a0f2f8e142d
  • php7.0-tidy_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:293237ebb2c13410bfd280728e99974dccb01be1
  • php7.0-xml_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:1d12e3096b8b1eba0f5251a4e4ec2f69615c144c
  • php7.0-xmlrpc_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:b220321b03e277432dee7a805012abdfc17cf7e4
  • php7.0-xsl_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_all.deb
    sha:d2b4c62be5c4808e7743366f32620448bf4257ab
  • php7.0-zip_7.0.33-0ubuntu0.16.04.17+tuxcare.els20_amd64.deb
    sha:c81d492a1ccc9752a80ed4763c92c2c860bc75d2
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.