[CLSA-2026:1784041402] Fix CVE(s): CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 15:03:39 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in openssl_encrypt() with AES key-wrap padding (aes-*-wrap-pad) ciphers - debian/patches/php-8.0-CVE-2026-14355.patch: reserve an extra EVP_CIPHER_block_size() block for EVP_CIPH_WRAP_MODE ciphers in php_openssl_cipher_update() (ext/openssl/openssl.c) so RFC 5649 wrap-with-padding output no longer overflows the zend_string buffer. - CVE-2026-14355
CVEs fixed:
Updated packages:
  • alt-php80_8.0.30-54_amd64.deb
    sha:ece1e12f484672d95a6e522bb1b573fd2c9d6ba6
  • alt-php80-bcmath_8.0.30-54_amd64.deb
    sha:510086a97107790d62dd7d5b5db5cdc1c2ad1c3e
  • alt-php80-cli_8.0.30-54_amd64.deb
    sha:7dc83b88ed25728e1ee288b7ae769ab2cb0e40fe
  • alt-php80-common_8.0.30-54_amd64.deb
    sha:02627f1827a1ff3f4bd398a5a9c073592fab49ec
  • alt-php80-dba_8.0.30-54_amd64.deb
    sha:ac26cabf765590b9af4158f2b46391881b19a729
  • alt-php80-dev_8.0.30-54_amd64.deb
    sha:6a6b885424d12962369a70053e58edc300dc2b3b
  • alt-php80-enchant_8.0.30-54_amd64.deb
    sha:912144785a66a8721d07626955962d507060e565
  • alt-php80-firebird_8.0.30-54_amd64.deb
    sha:b96939ec53edc9c27ca3228292563e22f523b1e5
  • alt-php80-gd_8.0.30-54_amd64.deb
    sha:e91e794f3e7ca59c4c7dc4fb70e8ccd5d2179023
  • alt-php80-imap_8.0.30-54_amd64.deb
    sha:944307207ced2e193728bb67fd0fd0413e58f32e
  • alt-php80-intl_8.0.30-54_amd64.deb
    sha:5f5ed73957f13f070c775b23ccf61240c0865b1e
  • alt-php80-ldap_8.0.30-54_amd64.deb
    sha:605af681da054c6c492a1422d4f3f8873e290b0d
  • alt-php80-mbstring_8.0.30-54_amd64.deb
    sha:f474ac8445ab2f1ca5600f46210076f56121c5c6
  • alt-php80-mysqlnd_8.0.30-54_amd64.deb
    sha:c46171c7c94944b64552c37e1279dff3ab0001a8
  • alt-php80-odbc_8.0.30-54_amd64.deb
    sha:91ba77e7897def7c601cea57158681e030cd5fd9
  • alt-php80-opcache_8.0.30-54_amd64.deb
    sha:8fd315c13bde84a3b96d6ea92d28ec94201d90d5
  • alt-php80-pdo_8.0.30-54_amd64.deb
    sha:7157bcb666a44d58faa79995361ba53a0f2b4fb4
  • alt-php80-pgsql_8.0.30-54_amd64.deb
    sha:ec233bffd153fafd2354fcfaa4e360da530e4b11
  • alt-php80-php-fpm_8.0.30-54_amd64.deb
    sha:09baa27f63fe694d752af5d716978bf2686e4481
  • alt-php80-process_8.0.30-54_amd64.deb
    sha:7ddc42099b6cc6074dab9a21f835438441cd77f6
  • alt-php80-pspell_8.0.30-54_amd64.deb
    sha:4d37b85664e7d60dfc707163fff12b3bf79f7703
  • alt-php80-snmp_8.0.30-54_amd64.deb
    sha:859de4dab40b1905948f295d54c084683d697a77
  • alt-php80-soap_8.0.30-54_amd64.deb
    sha:29ef22c7da7c1cf753637591cd341635d3e741d0
  • alt-php80-sodium_8.0.30-54_amd64.deb
    sha:d34249125625a85028a65ddd4873ce12155ada2d
  • alt-php80-tidy_8.0.30-54_amd64.deb
    sha:b590e17a6b0248a459239defd222ecf873fe613f
  • alt-php80-xml_8.0.30-54_amd64.deb
    sha:357e0484b8060d796e20b87db72cb941a7de76ec
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.