[CLSA-2026:1784039027] Fix CVE(s): CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 14:24:05 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in openssl_encrypt() with AES key-wrap padding (aes-*-wrap-pad) ciphers - debian/patches/php-8.0-CVE-2026-14355.patch: reserve an extra EVP_CIPHER_block_size() block for EVP_CIPH_WRAP_MODE ciphers in php_openssl_cipher_update() (ext/openssl/openssl.c) so RFC 5649 wrap-with-padding output no longer overflows the zend_string buffer. - CVE-2026-14355
CVEs fixed:
Updated packages:
  • alt-php80_8.0.30-54_amd64.deb
    sha:753cf2fbf21283696885c29ef4d614f0396f26b9
  • alt-php80-bcmath_8.0.30-54_amd64.deb
    sha:d85061033c8b682c77ccf0792b01de3b675bc615
  • alt-php80-cli_8.0.30-54_amd64.deb
    sha:9d6488b17b6faf5d9fa111aab43d927885341cee
  • alt-php80-common_8.0.30-54_amd64.deb
    sha:6ad0cb9412a73c32ea3477db3b2b48fa19ab085d
  • alt-php80-dba_8.0.30-54_amd64.deb
    sha:c3405128ffd6b4b950559e1ddec9604c80297d51
  • alt-php80-dev_8.0.30-54_amd64.deb
    sha:9c7db4a652611da329e5c76c77d7956136d36066
  • alt-php80-enchant_8.0.30-54_amd64.deb
    sha:60fb68f55c1d0560b281f06c9899db9b700f9304
  • alt-php80-firebird_8.0.30-54_amd64.deb
    sha:9452d9ca09733dc3ac4883fa06edf6fcc123b54e
  • alt-php80-gd_8.0.30-54_amd64.deb
    sha:36caa4808c41f6d6ade39129404cb62490712da3
  • alt-php80-imap_8.0.30-54_amd64.deb
    sha:601e71328f68ccd25bfb5e40dd03b9ea16ff216f
  • alt-php80-intl_8.0.30-54_amd64.deb
    sha:f80f44e543f84059c6cfe9fa897189e75ebeac14
  • alt-php80-ldap_8.0.30-54_amd64.deb
    sha:85224ec37a20434bf512248bfe28f33e20d175f6
  • alt-php80-mbstring_8.0.30-54_amd64.deb
    sha:bf5938acf802c1016503745927b6ce30082a1aee
  • alt-php80-mysqlnd_8.0.30-54_amd64.deb
    sha:dea4d3a3219cd3ce757dce6c179ef114759d1d4c
  • alt-php80-odbc_8.0.30-54_amd64.deb
    sha:3494aeb29dfea80fe7994069e2a6e236b73e4cdb
  • alt-php80-opcache_8.0.30-54_amd64.deb
    sha:eb36a8bbae2283cca498c95e7039d2c39c32c4f3
  • alt-php80-pdo_8.0.30-54_amd64.deb
    sha:acb2c357044190f1c75857036ab16117a04c6896
  • alt-php80-pgsql_8.0.30-54_amd64.deb
    sha:03259b87f7510fdbab17f2c5eb13a3f02f7ffa85
  • alt-php80-php-fpm_8.0.30-54_amd64.deb
    sha:630bb06305a3f5c55902472c9e387acf62f8918f
  • alt-php80-process_8.0.30-54_amd64.deb
    sha:e9e750329e80cbcccf27db35b4850958233055ab
  • alt-php80-pspell_8.0.30-54_amd64.deb
    sha:6b8da9d3a77fcccbebb0e28e9c1cb60a61f460c4
  • alt-php80-snmp_8.0.30-54_amd64.deb
    sha:ac103d3e42a661bf5c0a71572d8f2cfad286ce53
  • alt-php80-soap_8.0.30-54_amd64.deb
    sha:98fc185645d629a0ed07d93f077b65fe17b9452b
  • alt-php80-sodium_8.0.30-54_amd64.deb
    sha:61fe2512d5e5aefb2782b4ceb728b17f78b16d49
  • alt-php80-tidy_8.0.30-54_amd64.deb
    sha:4a2e4f28f3d72da12a1980560703ce23b1726fe9
  • alt-php80-xml_8.0.30-54_amd64.deb
    sha:1ee56e2e5b793463e2aa9835df666ca76cd5a85c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.