[CLSA-2026:1784026216] alt-php81: Fix of CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 10:50:32 UTC
Description:
- CVE-2026-14355: openssl_encrypt() heap buffer overflow on AES key-wrap with padding (aes-*-wrap-pad, EVP_CIPH_WRAP_MODE). php_openssl_cipher_update() sized the output buffer as data_len + one cipher block, undersizing it for RFC 5649 padded wrap output (roundup(data_len, 8) + 8) and overflowing the zend_mm heap under OpenSSL 3.x. Reserve one extra block for wrap-mode ciphers. Backport of upstream php-src commit cbc0489126a7682796aad1e5fb4e51de74af162c (GH-22187).
CVEs fixed:
Updated packages:
  • alt-php81-8.1.34-24.el10.x86_64.rpm
    sha:150ac7a919a24fddc8e1b7fd001d8ad30211857771b1274cbe21fa95075314bf
  • alt-php81-bcmath-8.1.34-24.el10.x86_64.rpm
    sha:5c9a15441a81b138785d5e70441d72880ed49ee8989eccbd091482c41057e0b5
  • alt-php81-cli-8.1.34-24.el10.x86_64.rpm
    sha:0772c79e9852bb24c3a6891b7720a2beeb4756bc892a50d47c85c3586d6279ec
  • alt-php81-common-8.1.34-24.el10.x86_64.rpm
    sha:f360c41fb2ab9d92c095733229cb8e25d9a0d7da81e7f6ffa204d095bcdd6e29
  • alt-php81-dba-8.1.34-24.el10.x86_64.rpm
    sha:bfeeb3749684458983cfa89f7417def69c6399805f229ef7be466e2856556b6d
  • alt-php81-devel-8.1.34-24.el10.x86_64.rpm
    sha:d38d58be40d1c0fb67d822981325b9f0ec9a4bba5dbb7e66df415969b47ffa62
  • alt-php81-enchant-8.1.34-24.el10.x86_64.rpm
    sha:fbb14e68a01a244681847a23c55a54159401b567316b8214c67c5a031b8e23a5
  • alt-php81-firebird-8.1.34-24.el10.x86_64.rpm
    sha:fac1ec942a5e3d07d594cf386d54f69b84ca344410a2852e1fb858b553edd504
  • alt-php81-gd-8.1.34-24.el10.x86_64.rpm
    sha:b3e1dab5befc4fc1a792db1e19281a4e19117ab409a1cf57a97557d99182e2b1
  • alt-php81-gmp-8.1.34-24.el10.x86_64.rpm
    sha:1660a36a067f2e67a18d12f29552aa91420cef20c84af98ff42c7407d491e69f
  • alt-php81-imap-8.1.34-24.el10.x86_64.rpm
    sha:67a83ad786b851e0dd53686f8633ac21e323aebf948122dc59ded297b543f09d
  • alt-php81-intl-8.1.34-24.el10.x86_64.rpm
    sha:f65d8741b3d380e8f8c7f69331e53f15c3861b9bf61726485b366249042b8288
  • alt-php81-ldap-8.1.34-24.el10.x86_64.rpm
    sha:26cfa365bffdb17f0d8d3fbae25183eee04b7e2715d2133e38ba26a5f27cde5a
  • alt-php81-mbstring-8.1.34-24.el10.x86_64.rpm
    sha:800c97e49ecc0efa828e0cbc308159fc8b73e3cf121327ebdde5a5921a0bd142
  • alt-php81-mysqlnd-8.1.34-24.el10.x86_64.rpm
    sha:bd41b93a0e81b8f32a839d4179c640d6cc8c7529b3645a1b6373dc670d577c60
  • alt-php81-odbc-8.1.34-24.el10.x86_64.rpm
    sha:5aee81c1d6f1cc9153e9297760fbfa9b3afcf9482887078d2cac27e6b4c3ada5
  • alt-php81-opcache-8.1.34-24.el10.x86_64.rpm
    sha:cfa8e6d14e920f3cd6ce2cc9fdc705afad63a8e5e25b55491e81bdfb6108605b
  • alt-php81-pdo-8.1.34-24.el10.x86_64.rpm
    sha:1abcadc445b6963b2216748987d73927b3d09f1054bcf8f94ad04908d3e34c3d
  • alt-php81-pgsql-8.1.34-24.el10.x86_64.rpm
    sha:7df6ce27da7c3c5b0d27c580960fbb9606ddcf12a9da4e83c8ba62f67d7dfa68
  • alt-php81-php-fpm-8.1.34-24.el10.x86_64.rpm
    sha:60b29d10842577aee718af03e038edbb55c7c580323c4f79381d1a4cbba17fdf
  • alt-php81-process-8.1.34-24.el10.x86_64.rpm
    sha:190755c26c03c0ddaa30f68c43ca9f011a6452070b1b3b0b07e7cb56500c2403
  • alt-php81-pspell-8.1.34-24.el10.x86_64.rpm
    sha:cca6c3b016046b8f21a7b144571c1aef6ed925a4f604a23f8d72626e4e26ae86
  • alt-php81-snmp-8.1.34-24.el10.x86_64.rpm
    sha:df74baa848d743c61d5a0453eca3982c99f9b30b332401c0b94dc727c189cb06
  • alt-php81-soap-8.1.34-24.el10.x86_64.rpm
    sha:28c7c72a29d735766065a5f196c7c56d9bba9b3c72294bb88c2a3b41ee56e0e1
  • alt-php81-sodium-8.1.34-24.el10.x86_64.rpm
    sha:b239df548de6d617123e5754aba278f5ad0a594d2210a5e758b3476a73d8d144
  • alt-php81-tidy-8.1.34-24.el10.x86_64.rpm
    sha:d269897e4b0e59ef5bb4f86c7feeb9a40b5a1c402710d6c86b071e37d387ad96
  • alt-php81-xml-8.1.34-24.el10.x86_64.rpm
    sha:22742de7f87616366de4f7aed53330006d4774558bcd237ee538812957aee9ae
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.