[CLSA-2026:1784048484] Fix CVE(s): CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 17:01:40 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in openssl_encrypt() with AES key-wrap padding (aes-*-wrap-pad) ciphers - debian/patches/php-8.0-CVE-2026-14355.patch: reserve an extra EVP_CIPHER_block_size() block for EVP_CIPH_WRAP_MODE ciphers in php_openssl_cipher_update() (ext/openssl/openssl.c) so RFC 5649 wrap-with-padding output no longer overflows the zend_string buffer. - CVE-2026-14355
CVEs fixed:
Updated packages:
  • alt-php80_8.0.30-54_amd64.deb
    sha:408fc53379cced2ddecdea8f3f3ec76b917faf3a
  • alt-php80-bcmath_8.0.30-54_amd64.deb
    sha:e4c305fb6056629542220d910cc7e13ee88b0a80
  • alt-php80-cli_8.0.30-54_amd64.deb
    sha:0ceb9b3a122f210b6abde0651ae5862147c6aed4
  • alt-php80-common_8.0.30-54_amd64.deb
    sha:9bf1e53273005b7c4e0a855e0354c571004f5813
  • alt-php80-dba_8.0.30-54_amd64.deb
    sha:d55e9f369dd2c6a333c2e00e2a20018b0511387d
  • alt-php80-dev_8.0.30-54_amd64.deb
    sha:41fdffefc9f58fc5f6fb946d080a1611e7221236
  • alt-php80-enchant_8.0.30-54_amd64.deb
    sha:1c17b360781dff39ceb9fbbf9fb57fd08c70e690
  • alt-php80-firebird_8.0.30-54_amd64.deb
    sha:e11886f96301702d18db2a7eedc98840d1cf0749
  • alt-php80-gd_8.0.30-54_amd64.deb
    sha:ed014a6772532575135c7b7beed1fa3925078755
  • alt-php80-imap_8.0.30-54_amd64.deb
    sha:8216830bafb12b87b677b46cc0d89d241263b800
  • alt-php80-intl_8.0.30-54_amd64.deb
    sha:dcb0ffbd029c5fa77ee8c382a3b162b5384aa4a2
  • alt-php80-ldap_8.0.30-54_amd64.deb
    sha:f5a026c1263a66054dbdada647f626410b2d0f33
  • alt-php80-mbstring_8.0.30-54_amd64.deb
    sha:01f4832e6924f6ab36c8219d577c4e526e74db0b
  • alt-php80-mysqlnd_8.0.30-54_amd64.deb
    sha:614761e14cf5a17f30e231f62521a93284298de5
  • alt-php80-odbc_8.0.30-54_amd64.deb
    sha:3f659e38cf397c3b430230930383e07657e49022
  • alt-php80-opcache_8.0.30-54_amd64.deb
    sha:f7a21a1857b017d7a537f94759b8fbc3089adb6f
  • alt-php80-pdo_8.0.30-54_amd64.deb
    sha:da0f8e1296f37806d9f79a9fa9a7eb035d34a7d0
  • alt-php80-pgsql_8.0.30-54_amd64.deb
    sha:c332f772a1a897e696f88b593d186751deae818a
  • alt-php80-php-fpm_8.0.30-54_amd64.deb
    sha:d4365757f0aa936660732f20f827b65ad0460b56
  • alt-php80-process_8.0.30-54_amd64.deb
    sha:cf5eb6d05a29e7971c28e94aa173aaa6e83baff5
  • alt-php80-pspell_8.0.30-54_amd64.deb
    sha:53f7832670ef07cb43edd17e7cace13be7c21f60
  • alt-php80-snmp_8.0.30-54_amd64.deb
    sha:9dfa6af0b29e6a46c195f00b048ec432507bcc09
  • alt-php80-soap_8.0.30-54_amd64.deb
    sha:c2b6f3f3253b1cf6742c8263c901f8cb567dd26e
  • alt-php80-sodium_8.0.30-54_amd64.deb
    sha:3b0b046b2ab24761b154c642fd0c985d1c150607
  • alt-php80-tidy_8.0.30-54_amd64.deb
    sha:e37d209d9678688d2dae9ace896f182f8f8ff685
  • alt-php80-xml_8.0.30-54_amd64.deb
    sha:c372a415f0b3d5b7e7835c937a46b0c192726f32
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.