[CLSA-2026:1784043552] Fix CVE(s): CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 15:39:30 UTC
Description:
* CVE-2026-14355: openssl_encrypt() heap buffer overflow on AES key-wrap with padding (aes-*-wrap-pad, EVP_CIPH_WRAP_MODE). php_openssl_cipher_update() sized the output buffer as data_len + one cipher block, undersizing it for RFC 5649 padded wrap output (roundup(data_len, 8) + 8) and overflowing the zend_mm heap under OpenSSL 3.x. Reserve one extra block for wrap-mode ciphers. Backport of upstream php-src commit cbc0489126a7682796aad1e5fb4e51de74af162c (GH-22187).
CVEs fixed:
Updated packages:
  • alt-php81_8.1.34-23_amd64.deb
    sha:4f2669cd310e868324a19bf7ba0702c19d6c9e7b
  • alt-php81-bcmath_8.1.34-23_amd64.deb
    sha:39cb57ad494affae8ebaaca2e196c81fd930c89c
  • alt-php81-cli_8.1.34-23_amd64.deb
    sha:9699a6dd5b4d5ecb04d93f45299af487d1486828
  • alt-php81-common_8.1.34-23_amd64.deb
    sha:0bc49de93cff5c041bb4b57279979c57dc61fb24
  • alt-php81-dba_8.1.34-23_amd64.deb
    sha:ebc2ee9ba20e3959a4650d92ab06a0132cd33ea8
  • alt-php81-dev_8.1.34-23_amd64.deb
    sha:5c6c68d460152ede57938cb248d67d79ee8b9f45
  • alt-php81-enchant_8.1.34-23_amd64.deb
    sha:b69e3df272c2bad3d6ff84c0c0f5ec315b473e79
  • alt-php81-firebird_8.1.34-23_amd64.deb
    sha:24a615ac748023c0ccf6df29353c678a375416f8
  • alt-php81-gd_8.1.34-23_amd64.deb
    sha:c67dcd0857d9e023a606c17ad64e248515cdefe1
  • alt-php81-imap_8.1.34-23_amd64.deb
    sha:481a18138859e78a9c7bebd008b264d42d18deb1
  • alt-php81-intl_8.1.34-23_amd64.deb
    sha:19220a2c28d389798ad980879f8b39e94c507a98
  • alt-php81-ldap_8.1.34-23_amd64.deb
    sha:17048b252df442d79282d6cb8279b63031f90fa2
  • alt-php81-mbstring_8.1.34-23_amd64.deb
    sha:88215c4612bc96e78bd1fd4c0ee43384903181d4
  • alt-php81-mysqlnd_8.1.34-23_amd64.deb
    sha:a4f6eab1b999a45b33a2db01da142249e53f59ed
  • alt-php81-odbc_8.1.34-23_amd64.deb
    sha:19835ee91661e34bbe694b1d52560304c4750f71
  • alt-php81-opcache_8.1.34-23_amd64.deb
    sha:e9f5d32494e3c1db1bf6e41761c8030a6c13fd13
  • alt-php81-pdo_8.1.34-23_amd64.deb
    sha:68c731e699772e5114aba56baca2a00cb5c06340
  • alt-php81-pgsql_8.1.34-23_amd64.deb
    sha:02edd63858ecf7810774bab2770ba2717a6d52d3
  • alt-php81-php-fpm_8.1.34-23_amd64.deb
    sha:966e969f4fc6e445abc6092fbe1fa7a984e3270f
  • alt-php81-process_8.1.34-23_amd64.deb
    sha:121eb7ac10ad0867abc84f0b7ba0bda98bfc618d
  • alt-php81-pspell_8.1.34-23_amd64.deb
    sha:92e8be2baf7a4877004b5666453c45b1b36e4200
  • alt-php81-snmp_8.1.34-23_amd64.deb
    sha:282ddc662c92b7b15d9bab48f376afca511e4d37
  • alt-php81-soap_8.1.34-23_amd64.deb
    sha:04c30bfe51fa460ac0d5580eaa25ce57fdaa3c4a
  • alt-php81-tidy_8.1.34-23_amd64.deb
    sha:00d873d2551bef89f6584bda21863e273fbd667a
  • alt-php81-xml_8.1.34-23_amd64.deb
    sha:6e592c493e67d61be58409933a51592e63763700
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.