[CLSA-2026:1784108536] Fix CVE(s): CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-15 09:42:29 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in openssl_encrypt() with AES key-wrap-with-padding (aes-*-wrap-pad, RFC 5649) - debian/patches/php-7.1-CVE-2026-14355.patch: backport upstream commit cbc0489126 in ext/openssl/openssl.c — reserve an extra EVP_CIPHER_block_size for EVP_CIPH_WRAP_MODE ciphers so the output buffer fits the RFC 5649 roundup(len,8)+8 expansion. - CVE-2026-14355
CVEs fixed:
Updated packages:
  • alt-php71_7.1.33-100_amd64.deb
    sha:c289ac5304315d0f72d17b45f143bc355a9ee934
  • alt-php71-bcmath_7.1.33-100_amd64.deb
    sha:777b093bcdb10124e11b590e49f9284daaf5dd08
  • alt-php71-cli_7.1.33-100_amd64.deb
    sha:554f690f82d421f64ae7ec32337065e64e59c5f0
  • alt-php71-common_7.1.33-100_amd64.deb
    sha:c197145014148e7a6bc9c217925c23f76323acb9
  • alt-php71-dba_7.1.33-100_amd64.deb
    sha:aed84092b7d41cdae35130cfe15b7b68ca7241c2
  • alt-php71-dev_7.1.33-100_amd64.deb
    sha:76ca4347d41d33403386ec46206b2e424878722d
  • alt-php71-enchant_7.1.33-100_amd64.deb
    sha:aa1b5c08487d6b6031b7cc5f895f73359efa1e83
  • alt-php71-firebird_7.1.33-100_amd64.deb
    sha:4212f223d15b406aea586c980391e1c917d61408
  • alt-php71-gd_7.1.33-100_amd64.deb
    sha:6c8149d52515ff3160887b18250a4cd0b6dc28db
  • alt-php71-imap_7.1.33-100_amd64.deb
    sha:772a7ff3e38c19bf149de7a032d1696e627dfb88
  • alt-php71-intl_7.1.33-100_amd64.deb
    sha:a9bb0e9b6ec718b77efcf5c030bd5e4270c0279f
  • alt-php71-ldap_7.1.33-100_amd64.deb
    sha:f624059d6064cdf246ea67dd191ab2c0f5dadb93
  • alt-php71-mbstring_7.1.33-100_amd64.deb
    sha:b7bbcff3119325a8db8e7a359c827528bd87ae87
  • alt-php71-mcrypt_7.1.33-100_amd64.deb
    sha:1d1216099660524da9b63524c301feb241a95bd6
  • alt-php71-mysqlnd_7.1.33-100_amd64.deb
    sha:4b3334bd5ec6c6b6c17e31dda8ff787ddfd3d45d
  • alt-php71-odbc_7.1.33-100_amd64.deb
    sha:7f20465acb0e3be36550be9790b38d0fb01ff0bd
  • alt-php71-opcache_7.1.33-100_amd64.deb
    sha:251c367a25eddbb322ecbae383f2a343cee407d7
  • alt-php71-pdo_7.1.33-100_amd64.deb
    sha:c1b94cdfa00eac1a745a24a9f7ee4681d56b5c84
  • alt-php71-pgsql_7.1.33-100_amd64.deb
    sha:094242fd1e30ab0333153203a586ceba2996fc81
  • alt-php71-php-fpm_7.1.33-100_amd64.deb
    sha:c048fe1343a03b5df59928ff8e0cd869020bd4bd
  • alt-php71-process_7.1.33-100_amd64.deb
    sha:e4e06f1d21cb72c81af46c1d636f280410d9823c
  • alt-php71-pspell_7.1.33-100_amd64.deb
    sha:855c1dea6ccc9a8d510c23d1f2890adbe49f8a7c
  • alt-php71-recode_7.1.33-100_amd64.deb
    sha:9bbd71966c9a18d4d2a115e5128a4d7cb095a4a4
  • alt-php71-snmp_7.1.33-100_amd64.deb
    sha:55f7d9b7ff7fc4cd08191160db35acd960e39b61
  • alt-php71-soap_7.1.33-100_amd64.deb
    sha:2aa5cbcc60da32b9cac2d59060f441879e60674e
  • alt-php71-tidy_7.1.33-100_amd64.deb
    sha:fb4d2bc9c9c8662dca5a6defec084e4de0482d4a
  • alt-php71-xml_7.1.33-100_amd64.deb
    sha:ad79662dc90198c593a003795a0cf9572de2ce5a
  • alt-php71-xmlrpc_7.1.33-100_amd64.deb
    sha:2757519022b8cce3a8c433c9000bd13f200ed62b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.