[CLSA-2026:1784024354] alt-php81: Fix of CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 10:19:31 UTC
Description:
- CVE-2026-14355: openssl_encrypt() heap buffer overflow on AES key-wrap with padding (aes-*-wrap-pad, EVP_CIPH_WRAP_MODE). php_openssl_cipher_update() sized the output buffer as data_len + one cipher block, undersizing it for RFC 5649 padded wrap output (roundup(data_len, 8) + 8) and overflowing the zend_mm heap under OpenSSL 3.x. Reserve one extra block for wrap-mode ciphers. Backport of upstream php-src commit cbc0489126a7682796aad1e5fb4e51de74af162c (GH-22187).
CVEs fixed:
Updated packages:
  • alt-php81-8.1.34-24.el9.x86_64.rpm
    sha:5cd9b5c48e811057b58dc4d3389a679258db431880f798d4e0f36f723e59ee79
  • alt-php81-bcmath-8.1.34-24.el9.x86_64.rpm
    sha:911548d74eab75ca320c4c75a0a5a64f09ec24c0a3cca3b5a516317c04d3e6c6
  • alt-php81-cli-8.1.34-24.el9.x86_64.rpm
    sha:21a481bc7937c1cd8da421bd2064b07068ade38f6d2d831e5d25b5f284d9966a
  • alt-php81-common-8.1.34-24.el9.x86_64.rpm
    sha:5e5cf74d3687560f373d9bfdcde50c3e470123bab5b3aa35db16ef588a46d219
  • alt-php81-dba-8.1.34-24.el9.x86_64.rpm
    sha:11453f066c75c24ca5ceb8517b7768d7aee3823c3618dbb9151fa273148ebc8e
  • alt-php81-devel-8.1.34-24.el9.x86_64.rpm
    sha:68255a36a75ffda26a8e92003c1cd3604df4a045da3480ab32b4179580ead31b
  • alt-php81-enchant-8.1.34-24.el9.x86_64.rpm
    sha:3a0efbc0a905e0068695e9b48d0c8c736260a95ee193dda17656986736c09a6f
  • alt-php81-firebird-8.1.34-24.el9.x86_64.rpm
    sha:1961d0bd35ced9465c22feeb4a1e92fa44e1e742dd2c8ad7065e2e60ac2de565
  • alt-php81-gd-8.1.34-24.el9.x86_64.rpm
    sha:9b36dd22eef919342fb81f64b313dcedd4e5305924ed673f9acc93753a9b6d42
  • alt-php81-gmp-8.1.34-24.el9.x86_64.rpm
    sha:4ba150c02f8cc53b570409f099227ec3ac8c2b3e09b745282f2ccbaa96f0c8f3
  • alt-php81-imap-8.1.34-24.el9.x86_64.rpm
    sha:907e344938751b39efcebf72f1215dd1576c0e27b91bbf4f1a733a47e6d8889e
  • alt-php81-intl-8.1.34-24.el9.x86_64.rpm
    sha:5544f28d90dca26f1e549b9f9014a4a6161b6d858091364b51cad304a3a5e4f1
  • alt-php81-ldap-8.1.34-24.el9.x86_64.rpm
    sha:56d1fea470548e78dcab0901345347730d524d2474cb78c64c75d24a01134002
  • alt-php81-mbstring-8.1.34-24.el9.x86_64.rpm
    sha:c27f0f68816f990c0af697b9547962ae4d8a2b369b0a07395242e914dd1969f7
  • alt-php81-mysqlnd-8.1.34-24.el9.x86_64.rpm
    sha:2aa3d07a2da2085e2c1659b5c3455238180e62c924101f731673684c18c41895
  • alt-php81-odbc-8.1.34-24.el9.x86_64.rpm
    sha:d16fe9509e09c89af1be75ab633e21e994da772513536ecb298956cd982ea7bd
  • alt-php81-opcache-8.1.34-24.el9.x86_64.rpm
    sha:3eb7705476c1232549eaeeb7d4a93354fae0dca1926602d1f8fae12639fb4df0
  • alt-php81-pdo-8.1.34-24.el9.x86_64.rpm
    sha:14a7dd47f9fbba285dea278c696d2d51fbb2633898b9a502ce2b01769abe7a67
  • alt-php81-pgsql-8.1.34-24.el9.x86_64.rpm
    sha:2563aaee22339b858db74ce6e118ec422fec35ca2b0d774ae2f0da44f884969a
  • alt-php81-php-fpm-8.1.34-24.el9.x86_64.rpm
    sha:72adc05e3cc1b0203ace623f6187a8c7e9124813a4498d449ef606950ddc75d1
  • alt-php81-process-8.1.34-24.el9.x86_64.rpm
    sha:f68bbb16132a3e6768dad41a66b006023d6dd052af28a2dacc3d08ea73492136
  • alt-php81-pspell-8.1.34-24.el9.x86_64.rpm
    sha:06089788897f14649499b77d045df0b9f820492578c8a1dd68a0468317c65474
  • alt-php81-snmp-8.1.34-24.el9.x86_64.rpm
    sha:2dd347e66a6b78668d5178ef1bcc654afa16fca70352e2f9ef28019c80cabc5e
  • alt-php81-soap-8.1.34-24.el9.x86_64.rpm
    sha:cb97c769260a27cabb517135e35e88181c00254eeac3c7f40fab5d7ca6ad1c29
  • alt-php81-sodium-8.1.34-24.el9.x86_64.rpm
    sha:7d856264a4ee345e9e99d08d8e050ab2f06ff581432d194469145030a7191caf
  • alt-php81-tidy-8.1.34-24.el9.x86_64.rpm
    sha:d10cf4a2ca12a2ddf2605f81bff972c8df1d8a3e9143c5a4d46d11e0d83579f5
  • alt-php81-xml-8.1.34-24.el9.x86_64.rpm
    sha:ea64327573e260e1ee9917144c4d22e78e6533ddee0b8274d836aa5c644c5c80
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.