[CLSA-2026:1784022531] alt-php81: Fix of CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 09:49:08 UTC
Description:
- CVE-2026-14355: openssl_encrypt() heap buffer overflow on AES key-wrap with padding (aes-*-wrap-pad, EVP_CIPH_WRAP_MODE). php_openssl_cipher_update() sized the output buffer as data_len + one cipher block, undersizing it for RFC 5649 padded wrap output (roundup(data_len, 8) + 8) and overflowing the zend_mm heap under OpenSSL 3.x. Reserve one extra block for wrap-mode ciphers. Backport of upstream php-src commit cbc0489126a7682796aad1e5fb4e51de74af162c (GH-22187).
CVEs fixed:
Updated packages:
  • alt-php81-8.1.34-24.el7.x86_64.rpm
    sha:f66b2c3ca68e477ae13cdd38ed9b1a5d6c1f3a9d4062ea8a074290df1384b52f
  • alt-php81-bcmath-8.1.34-24.el7.x86_64.rpm
    sha:685a64f80264ff34ff962295b555d90b1c4923ec30cb78610f0eb99c7813038e
  • alt-php81-cli-8.1.34-24.el7.x86_64.rpm
    sha:5ec4fc3c77f18cd009ab836bd69ab11dca05a2068b3e7a24fdb2803c7efe827b
  • alt-php81-common-8.1.34-24.el7.x86_64.rpm
    sha:c4f97576be0175b14e4bb1f062ce6ed1f8dba7924623ea3ed7ad755ba801696b
  • alt-php81-dba-8.1.34-24.el7.x86_64.rpm
    sha:085883bbe987d09b1a460af3fd8e378d7cc98fe1f5cab42abc967eb5f287e30d
  • alt-php81-devel-8.1.34-24.el7.x86_64.rpm
    sha:8220bbc7ad93624b4f45a47af39cf517358aad8ac7a1d6db0c71055760f84304
  • alt-php81-enchant-8.1.34-24.el7.x86_64.rpm
    sha:bf9041139b98a29b7dae40b57a52c52de3d1c3b8af9e9a9980485ffd33e0d026
  • alt-php81-firebird-8.1.34-24.el7.x86_64.rpm
    sha:0dc9f848041b78b8aeb167168acf4b6212397ae08396c437404cb25a51267602
  • alt-php81-gd-8.1.34-24.el7.x86_64.rpm
    sha:4d5ed54dd9ba38c221fcaf534479baab9acffd27ef4d8979f3acb308f18e4a36
  • alt-php81-gmp-8.1.34-24.el7.x86_64.rpm
    sha:8e2ce33c34468a99122613a55d399d449ce30aeae06432dbd2393b5affb2a0c3
  • alt-php81-imap-8.1.34-24.el7.x86_64.rpm
    sha:c3df281be3aec65938dca21170ccbc39289013eedf180b7a3483f50814eb685c
  • alt-php81-intl-8.1.34-24.el7.x86_64.rpm
    sha:32b01262c323b3ffe473c8826d237ed99deb05d88761a346972568c582b93a3c
  • alt-php81-ldap-8.1.34-24.el7.x86_64.rpm
    sha:1e32d3949eb1310765c2b24b2463d968d14c8ad7d8c57ed8b0724ff3bddaa43d
  • alt-php81-mbstring-8.1.34-24.el7.x86_64.rpm
    sha:347030133dbf53d0aa67df87bf43ec3ee0328c9332582acc2f29f1f691a8a3cd
  • alt-php81-mysqlnd-8.1.34-24.el7.x86_64.rpm
    sha:630e50f61ed757fb3443bb78167dc39ddf2de60ab69bcf4caa1fd5a6233a8b21
  • alt-php81-odbc-8.1.34-24.el7.x86_64.rpm
    sha:948cabb2093846376f1776d3d227d464b3aa28eb3759feae4f23db53c9285e63
  • alt-php81-opcache-8.1.34-24.el7.x86_64.rpm
    sha:8f557c3e6be4b0e5b1b9cc34b400557d41f5a965eda5843bfcf8190cb28eca75
  • alt-php81-pdo-8.1.34-24.el7.x86_64.rpm
    sha:7c620eb31fdc575523a8dd7ae637de9b649f269f950d52b1c142911c75ec49c5
  • alt-php81-pgsql-8.1.34-24.el7.x86_64.rpm
    sha:4c578d6d34f26adb80ff2d64cbccf6c230571be3ccc9ccd6b22ca3238045b3f7
  • alt-php81-php-fpm-8.1.34-24.el7.x86_64.rpm
    sha:35baa752d9b72fb067736803258dc6c37a49b2740dd9a628f778e25f18ef5eda
  • alt-php81-process-8.1.34-24.el7.x86_64.rpm
    sha:720cfa9bdc138faf79a15c0b306af90036556548f0bd62ca34c179cb2453ec7e
  • alt-php81-pspell-8.1.34-24.el7.x86_64.rpm
    sha:663bd6e11a86cf59f546c36d8fb7f116042158f7c190c2860b4cdd35f95d622c
  • alt-php81-snmp-8.1.34-24.el7.x86_64.rpm
    sha:7ed009c0632b55f6ba1e7b1070250b73303b3c725b87349f7059820ad2595d6d
  • alt-php81-soap-8.1.34-24.el7.x86_64.rpm
    sha:ca8c8d3153565805ee3470da46a817fc845ad5aa4cd28766bbdc30b91ee9c00c
  • alt-php81-sodium-8.1.34-24.el7.x86_64.rpm
    sha:bcc281954d7267307ca89af6b59f974b83e57d5cc9e8e99efbdcdff400077e14
  • alt-php81-tidy-8.1.34-24.el7.x86_64.rpm
    sha:3d252150d2fbb4c144ab0e84aea63d8569dcfc712df62538d0269018827f9025
  • alt-php81-xml-8.1.34-24.el7.x86_64.rpm
    sha:3c0cefc20ad3d848aa8311f15bf1879def8bfa668bcfc9a899c503039066be0b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.