[CLSA-2026:1784022964] Fix CVE(s): CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 09:56:21 UTC
Description:
* CVE-2026-14355: openssl_encrypt() heap buffer overflow on AES key-wrap with padding (aes-*-wrap-pad, EVP_CIPH_WRAP_MODE). php_openssl_cipher_update() sized the output buffer as data_len + one cipher block, undersizing it for RFC 5649 padded wrap output (roundup(data_len, 8) + 8) and overflowing the zend_mm heap under OpenSSL 3.x. Reserve one extra block for wrap-mode ciphers. Backport of upstream php-src commit cbc0489126a7682796aad1e5fb4e51de74af162c (GH-22187).
CVEs fixed:
Updated packages:
  • alt-php81_8.1.34-23_amd64.deb
    sha:f031f5b8b8cf1a51ef7d633e86e835dfbd1a2433
  • alt-php81-bcmath_8.1.34-23_amd64.deb
    sha:21ef3e51ea97f63ee21402b8ab02db720dd1481f
  • alt-php81-cli_8.1.34-23_amd64.deb
    sha:85239c2c01e080d32f84a7b11a2488dee7dcb736
  • alt-php81-common_8.1.34-23_amd64.deb
    sha:036294d203fcb09929b4308ddc0943b92e9ca4bc
  • alt-php81-dba_8.1.34-23_amd64.deb
    sha:daaeb3a3b03858e13891ead6525ea5c983d00056
  • alt-php81-dev_8.1.34-23_amd64.deb
    sha:d2a235db41d9cfda4eecea4e38af44c42bf12c08
  • alt-php81-enchant_8.1.34-23_amd64.deb
    sha:0b36adf9ea9871917e5bbeca8dec19bb64df9bbe
  • alt-php81-firebird_8.1.34-23_amd64.deb
    sha:871a68cfa61db770408883098057a41cf7dd26a9
  • alt-php81-gd_8.1.34-23_amd64.deb
    sha:bc7191696b8faaa0e8cf5d0d5715c9fa1a556bb1
  • alt-php81-imap_8.1.34-23_amd64.deb
    sha:cfbf2e4f45183c889b3436bb70d627fb032e6c1d
  • alt-php81-intl_8.1.34-23_amd64.deb
    sha:0abbed57d774ec5a4daad0cb58edf4457843fcfd
  • alt-php81-ldap_8.1.34-23_amd64.deb
    sha:169658f80b4b0d25a9be803c0f83d35207366fdc
  • alt-php81-mbstring_8.1.34-23_amd64.deb
    sha:f5dfd4b46da02f48f29f57547d30d69946c92adf
  • alt-php81-mysqlnd_8.1.34-23_amd64.deb
    sha:982880443a444091123115101382052935b8be3d
  • alt-php81-odbc_8.1.34-23_amd64.deb
    sha:84a220196d0a8e1d2b3543637019269360ef55c0
  • alt-php81-opcache_8.1.34-23_amd64.deb
    sha:7af3f7db08e85397abb4a173dca81ce1b1e8d808
  • alt-php81-pdo_8.1.34-23_amd64.deb
    sha:01ef6d9f8600d8a6e70bea0baa1339ad10a03ab3
  • alt-php81-pgsql_8.1.34-23_amd64.deb
    sha:bbd6650673ce80a9f70c2d1682b99600280bdcf1
  • alt-php81-php-fpm_8.1.34-23_amd64.deb
    sha:82d3bb12314be70a2b260ed814d3c3af8e3b19dc
  • alt-php81-process_8.1.34-23_amd64.deb
    sha:5b85ca18111295c27c2a4ac57da5a6101ae7d0c4
  • alt-php81-pspell_8.1.34-23_amd64.deb
    sha:baef5ab9b9a4aaa8eb63f50ab55d5d5dec8def48
  • alt-php81-snmp_8.1.34-23_amd64.deb
    sha:c9510a6bca4fd92bf3a067eea20ec1bf92c2e1ec
  • alt-php81-soap_8.1.34-23_amd64.deb
    sha:8cbbf5dda1496c2b636b9dfb4a55fcfe6bee327f
  • alt-php81-sodium_8.1.34-23_amd64.deb
    sha:dff10a415f93c5571e972659969d809b7ef86b50
  • alt-php81-tidy_8.1.34-23_amd64.deb
    sha:c5e9fab73862f73be44c73d7dfc23dd60bc15dab
  • alt-php81-xml_8.1.34-23_amd64.deb
    sha:483929b3f9ba73812a4215a66e9bb954f8e86d78
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.