[CLSA-2026:1784103632] Fix CVE(s): CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-15 08:20:45 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in openssl_encrypt() with AES key-wrap padding (aes-*-wrap-pad) ciphers - debian/patches/php-8.0-CVE-2026-14355.patch: reserve an extra EVP_CIPHER_block_size() block for EVP_CIPH_WRAP_MODE ciphers in php_openssl_cipher_update() (ext/openssl/openssl.c) so RFC 5649 wrap-with-padding output no longer overflows the zend_string buffer. - CVE-2026-14355
CVEs fixed:
Updated packages:
  • alt-php80_8.0.30-54_amd64.deb
    sha:213cff8f41d3b9a9990d934f6df2b0df2640242d
  • alt-php80-bcmath_8.0.30-54_amd64.deb
    sha:c79420d19cfb62aeb1ca81f17d896a575dee6e71
  • alt-php80-cli_8.0.30-54_amd64.deb
    sha:988ddcbd14487fad6547eb3c90d9bcbd5a7eae52
  • alt-php80-common_8.0.30-54_amd64.deb
    sha:f92836608dc585bbdfd72b4fcf27f282a2267c8c
  • alt-php80-dba_8.0.30-54_amd64.deb
    sha:45a994391152dd3c39e434e9d389915a6c9d64c4
  • alt-php80-dev_8.0.30-54_amd64.deb
    sha:1914da2fea9c95bc50a9a4371b56caaf4f8718bf
  • alt-php80-enchant_8.0.30-54_amd64.deb
    sha:6b42697185fb191ad4425af4b3f1f07d91c3d52a
  • alt-php80-firebird_8.0.30-54_amd64.deb
    sha:7536e0339888d8b79cc69be6e562356781835b3d
  • alt-php80-gd_8.0.30-54_amd64.deb
    sha:00e921069aeab098f871c7f570f683b109f9486c
  • alt-php80-imap_8.0.30-54_amd64.deb
    sha:c95113223ad28b85ad943223baa95b9e89a06d65
  • alt-php80-intl_8.0.30-54_amd64.deb
    sha:caccca237fcfe7a9ed5a74199a6830aac905bca3
  • alt-php80-ldap_8.0.30-54_amd64.deb
    sha:a1d66058261cf769563e1678c2f66b61bfda7ca8
  • alt-php80-mbstring_8.0.30-54_amd64.deb
    sha:e25116342f74cadf3c4fa7350ed1a6291fab45c0
  • alt-php80-mysqlnd_8.0.30-54_amd64.deb
    sha:13e763818a9e9e3e5f1194fb056f1d7ef91f26d9
  • alt-php80-odbc_8.0.30-54_amd64.deb
    sha:271bf747b35b5c8095a8762d7766a14e462fe218
  • alt-php80-opcache_8.0.30-54_amd64.deb
    sha:a699bd2109c078159b893c0c7b2e93cd3e1d2eb2
  • alt-php80-pdo_8.0.30-54_amd64.deb
    sha:35bba66cd4e73ce147591e9e9daa85332f02138d
  • alt-php80-pgsql_8.0.30-54_amd64.deb
    sha:74a1105a0e11ad7035ff191a1164c61010ae830c
  • alt-php80-php-fpm_8.0.30-54_amd64.deb
    sha:82799ebbcbfe53267508431e6aef30adf1dd4e9b
  • alt-php80-process_8.0.30-54_amd64.deb
    sha:e2759fa781a4fc310806332867ac2c06bcaa3e81
  • alt-php80-pspell_8.0.30-54_amd64.deb
    sha:fb89000d6f22b69d5f9ee570f34d23c68a4eb964
  • alt-php80-snmp_8.0.30-54_amd64.deb
    sha:dd79a09a97081b5605f0c116afec63d768c9efa2
  • alt-php80-soap_8.0.30-54_amd64.deb
    sha:40fc402905b075599212b60a31b8502514ef665f
  • alt-php80-tidy_8.0.30-54_amd64.deb
    sha:42965a5a79953660ac11e512fa31cadf1db332cb
  • alt-php80-xml_8.0.30-54_amd64.deb
    sha:03c40d368295ac1386973f35dabbe99bfe728bbd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.