[CLSA-2026:1784045199] alt-php70: Fix of CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 16:06:57 UTC
Description:
- CVE-2026-14355: openssl_encrypt() heap buffer overflow with AES key-wrap-pad (aes-*-wrap-pad) ciphers; the output buffer was sized as data_len + EVP_CIPHER_block_size, which under-sizes RFC 5649 padded-wrap output. Reserve an extra block for EVP_CIPH_WRAP_MODE ciphers (backport of upstream php-src cbc0489126a7682796aad1e5fb4e51de74af162c)
CVEs fixed:
Updated packages:
  • alt-php70-7.0.33-135.el9.x86_64.rpm
    sha:7dad26493b268c444bc3e67530c3f6311d47c69b48cc1b307e37a3d86c92ad59
  • alt-php70-bcmath-7.0.33-135.el9.x86_64.rpm
    sha:6cc40128cc93c7c946de681ad6a40dcac94e4520adc6aa4321a812841f028a0a
  • alt-php70-cli-7.0.33-135.el9.x86_64.rpm
    sha:c89a56b049f92d0faa2aa0c4f65527c71b685454434f2922a879df6231c461ec
  • alt-php70-common-7.0.33-135.el9.x86_64.rpm
    sha:f0fa66e279b54b0b3b2c2088f166b51399428f72f9faf3bfc42824476b8c32b1
  • alt-php70-dba-7.0.33-135.el9.x86_64.rpm
    sha:68716e609c13d1be8f0233f48bb464459199c6aef6cf10c634618452f56c7b57
  • alt-php70-devel-7.0.33-135.el9.x86_64.rpm
    sha:e142884610f5bcaec898eef0acca4a5d2d818a262187e87ff9c0b0bb56fd7bdc
  • alt-php70-enchant-7.0.33-135.el9.x86_64.rpm
    sha:843e1957d162e451e5a9c07ab68b047128f5ab4e79ecbda34d53cf44be307da5
  • alt-php70-firebird-7.0.33-135.el9.x86_64.rpm
    sha:1a25dfb11578f38d2fd1a6eee64aba0e42e1d4686f154dc6760933e01c96bb3d
  • alt-php70-gd-7.0.33-135.el9.x86_64.rpm
    sha:d305de3c55113033f1cc8136e356610d7509d2404c57f8bad91568b86425e2ad
  • alt-php70-imap-7.0.33-135.el9.x86_64.rpm
    sha:f57fecfea86e6d3a7235ff0f5f49576fed471c275a4260c8c4d04539ed6fb547
  • alt-php70-intl-7.0.33-135.el9.x86_64.rpm
    sha:765d1afa5de135a0a5cecda771fd15292615fd63dedba5b4546ece1093d79952
  • alt-php70-ldap-7.0.33-135.el9.x86_64.rpm
    sha:b070e0754bf395eb95653fb0fa1f0f3c9b74cc8b3fad55daefa47f560091953c
  • alt-php70-mbstring-7.0.33-135.el9.x86_64.rpm
    sha:92558e0fba0cc494709b79d4117b2d1cbe5b1dfa4310b4ec8e95d78a57bd08e5
  • alt-php70-mcrypt-7.0.33-135.el9.x86_64.rpm
    sha:1f841bf724301b433d9397d482216eeb43dab2709a098b08e794421ceb3d0e6f
  • alt-php70-mysqlnd-7.0.33-135.el9.x86_64.rpm
    sha:9d2aa4bffe1dadac88332bba02fc37cddda0d1872f1f28c7f337ac8c1bfd37cf
  • alt-php70-odbc-7.0.33-135.el9.x86_64.rpm
    sha:a36ea2eb42f0631e1d79c2f7d6a5bb0d63c3f049e6413efb33fe28cd7506f94e
  • alt-php70-opcache-7.0.33-135.el9.x86_64.rpm
    sha:1d613d6a44217b06cfc88382e757988026f758f1f357e9c920fd447244f60473
  • alt-php70-pdo-7.0.33-135.el9.x86_64.rpm
    sha:fa6cd14973e5fa789fa02671969d79464d193c443ee59e217b2c73f97adc0abd
  • alt-php70-pgsql-7.0.33-135.el9.x86_64.rpm
    sha:73f626e09002df5e48d5203d6f69aac57218a471d4b44afd8fe41c7019609ce0
  • alt-php70-php-fpm-7.0.33-135.el9.x86_64.rpm
    sha:9e47dbf5693d13df4b02a074a7eb57bf5b1913768547dd17ce356a2effa197ac
  • alt-php70-process-7.0.33-135.el9.x86_64.rpm
    sha:d4b3a625312cef925692bea25c99f8dd0d3db76ce010705e5e00960b3fea1e84
  • alt-php70-pspell-7.0.33-135.el9.x86_64.rpm
    sha:5c1d8c24ab6e19adba5f5467537f0bf6dab0f43171f35e6ca327819302fda146
  • alt-php70-recode-7.0.33-135.el9.x86_64.rpm
    sha:742a9c81e114047f2f5b8dd724ed9a8228a66adf2dc146b20e59dea44608a1ec
  • alt-php70-snmp-7.0.33-135.el9.x86_64.rpm
    sha:879e933ddda7a87d264f6eac8d918303a3fb1d5e059414d760598c205402ca09
  • alt-php70-soap-7.0.33-135.el9.x86_64.rpm
    sha:f2d1edf0f7983b7d9b65bf593f8c74f9ce3e7c165871b8f2c57645ec161b5563
  • alt-php70-tidy-7.0.33-135.el9.x86_64.rpm
    sha:020135cd098243ea199d1faad29ceafd002a4e590f7baedeef7dc24d744053a6
  • alt-php70-xml-7.0.33-135.el9.x86_64.rpm
    sha:5b3ce5880ce273317132a2c094cf0d1bee08a43e27980773c3decb8fa3f2690d
  • alt-php70-xmlrpc-7.0.33-135.el9.x86_64.rpm
    sha:005ac50543c9b720454353ffc812d90e00c7b979712eec52694da83bd2a2c666
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.