[CLSA-2026:1784023917] Fix CVE(s): CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 10:12:14 UTC
Description:
* CVE-2026-14355: openssl_encrypt() heap buffer overflow on AES key-wrap with padding (aes-*-wrap-pad, EVP_CIPH_WRAP_MODE). php_openssl_cipher_update() sized the output buffer as data_len + one cipher block, undersizing it for RFC 5649 padded wrap output (roundup(data_len, 8) + 8) and overflowing the zend_mm heap under OpenSSL 3.x. Reserve one extra block for wrap-mode ciphers. Backport of upstream php-src commit cbc0489126a7682796aad1e5fb4e51de74af162c (GH-22187).
CVEs fixed:
Updated packages:
  • alt-php81_8.1.34-23_amd64.deb
    sha:232913ed4ec52b65036cc0f43cab8429dd4d4b1f
  • alt-php81-bcmath_8.1.34-23_amd64.deb
    sha:2066d30d8e92a75a71fccfee4f6e6ea0cf7aa82b
  • alt-php81-cli_8.1.34-23_amd64.deb
    sha:a1271fe0897f1009261348298d4efa07ef09d8d0
  • alt-php81-common_8.1.34-23_amd64.deb
    sha:ae47e32e2a5dd2542a2d6b9729ec09f687fcae56
  • alt-php81-dba_8.1.34-23_amd64.deb
    sha:fd1087921036ba31dcb8947ae60736d1248e4013
  • alt-php81-dev_8.1.34-23_amd64.deb
    sha:adeb478898c3bb81a91156a6b7506c5e597c79d1
  • alt-php81-enchant_8.1.34-23_amd64.deb
    sha:a18bf868ee526d4d7228fb4203c3b26fcc495a3f
  • alt-php81-firebird_8.1.34-23_amd64.deb
    sha:14b97207647919029e42a39183c8aaa9a4142695
  • alt-php81-gd_8.1.34-23_amd64.deb
    sha:a2ceac29885979016e9189a94a754f9996eed958
  • alt-php81-imap_8.1.34-23_amd64.deb
    sha:a996e2ee788e37c2cbf905bace238a0600dc7950
  • alt-php81-intl_8.1.34-23_amd64.deb
    sha:f65bc843380145e24b79b2b569f1a2da9818feba
  • alt-php81-ldap_8.1.34-23_amd64.deb
    sha:e4ce86bc49bc142e671b9c0db3cf2f5667651971
  • alt-php81-mbstring_8.1.34-23_amd64.deb
    sha:cec8bc594dc4181181eff2f5e59ffb3e8ae5cf51
  • alt-php81-mysqlnd_8.1.34-23_amd64.deb
    sha:fb59447dcaea7fc127aeb1afcafa089c481f687e
  • alt-php81-odbc_8.1.34-23_amd64.deb
    sha:83f5bdef5c97049443a02e78aa93420af5d9291e
  • alt-php81-opcache_8.1.34-23_amd64.deb
    sha:187568866ef6af4551d145b6ddff9600ca98e268
  • alt-php81-pdo_8.1.34-23_amd64.deb
    sha:e81c463a43dbfbedf1dbe6b3ffb7c9a136d09562
  • alt-php81-pgsql_8.1.34-23_amd64.deb
    sha:c24a10aa303f9a638bc18b706351060fece8565f
  • alt-php81-php-fpm_8.1.34-23_amd64.deb
    sha:10ecda60c8e21817ea53ec839dead0e872ad42c4
  • alt-php81-process_8.1.34-23_amd64.deb
    sha:522d7ad3aac3fee495bbde9aa28caee18e56f218
  • alt-php81-pspell_8.1.34-23_amd64.deb
    sha:76ea45078bc6ddcbcfbda154a8e96b88b46a885c
  • alt-php81-snmp_8.1.34-23_amd64.deb
    sha:d48a1f2e032fa05903d1460ce975d19b062375bb
  • alt-php81-soap_8.1.34-23_amd64.deb
    sha:ab8cd5835d574ba327ffa465c042993df830fbf2
  • alt-php81-sodium_8.1.34-23_amd64.deb
    sha:334cb3a8360cc2c34d078c5553825015beba42f2
  • alt-php81-tidy_8.1.34-23_amd64.deb
    sha:2f9e76c27933c007f18a52fb94fc88ccb7991126
  • alt-php81-xml_8.1.34-23_amd64.deb
    sha:2f1a68d3a41d13773ea841461e82fd33e5ecd690
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.