[CLSA-2026:1784038203] Fix CVE(s): CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 14:10:21 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in openssl_encrypt() with AES key-wrap padding (aes-*-wrap-pad) ciphers - debian/patches/php-8.0-CVE-2026-14355.patch: reserve an extra EVP_CIPHER_block_size() block for EVP_CIPH_WRAP_MODE ciphers in php_openssl_cipher_update() (ext/openssl/openssl.c) so RFC 5649 wrap-with-padding output no longer overflows the zend_string buffer. - CVE-2026-14355
CVEs fixed:
Updated packages:
  • alt-php80_8.0.30-54_amd64.deb
    sha:4cfea89c9f5fb546fdef40458725a46f5d90f46b
  • alt-php80-bcmath_8.0.30-54_amd64.deb
    sha:d131cc9e70769c8f77cba577503b25f3d0190823
  • alt-php80-cli_8.0.30-54_amd64.deb
    sha:b4251df19ec73e5c95b39a49c4a9dcbf8cc553e0
  • alt-php80-common_8.0.30-54_amd64.deb
    sha:beb4b2d26eba13c603e234097bc03012e7d83cbb
  • alt-php80-dba_8.0.30-54_amd64.deb
    sha:83537d8c99618d0d86def08e61a5a5c08b45a87f
  • alt-php80-dev_8.0.30-54_amd64.deb
    sha:2c9ef969cc93c636978ca839f3eb4d8d1e032b6b
  • alt-php80-enchant_8.0.30-54_amd64.deb
    sha:19969c56c0270cf3c21b9e09b3fc8471553a35cd
  • alt-php80-firebird_8.0.30-54_amd64.deb
    sha:2b6cf77f3e24262927922ac39296380a40435b31
  • alt-php80-gd_8.0.30-54_amd64.deb
    sha:fc5a600df73d07f68a9cd39e687f3ce8ec5fe4f1
  • alt-php80-imap_8.0.30-54_amd64.deb
    sha:957f59d80ac2dca80cef971f53539dcb62065613
  • alt-php80-intl_8.0.30-54_amd64.deb
    sha:b0db56a383b52724e1735fcf799b71ad05f842ab
  • alt-php80-ldap_8.0.30-54_amd64.deb
    sha:f38f4111ad90e0e5d9963d1c8f58fac96c4c7fad
  • alt-php80-mbstring_8.0.30-54_amd64.deb
    sha:2f343e395b153bfdb1c502cda0647076cb8b1ce9
  • alt-php80-mysqlnd_8.0.30-54_amd64.deb
    sha:44d43c36d9a41f7a669942a5e5d3787c2c6ac4e7
  • alt-php80-odbc_8.0.30-54_amd64.deb
    sha:76640011b00b641a3c55d3a1699e0e905f4c1eb6
  • alt-php80-opcache_8.0.30-54_amd64.deb
    sha:69cfad4e0ee8089df29532f500baa8a426b1936c
  • alt-php80-pdo_8.0.30-54_amd64.deb
    sha:0ca0b93f9215a620324c27cabae157d565811090
  • alt-php80-pgsql_8.0.30-54_amd64.deb
    sha:eadde90e25a7d300e6a86a4648645def97532832
  • alt-php80-php-fpm_8.0.30-54_amd64.deb
    sha:1d7bebef88a8df0e90bc1ec06b712c01033e2be4
  • alt-php80-process_8.0.30-54_amd64.deb
    sha:04991e6971a80ba8eba264d3bf5ee4608aeba1ee
  • alt-php80-pspell_8.0.30-54_amd64.deb
    sha:ce9993983a9a23aa31ce0250998576945ab47fc9
  • alt-php80-snmp_8.0.30-54_amd64.deb
    sha:19029224c4d09ba7cdab56b48a53acf7db8cf61c
  • alt-php80-soap_8.0.30-54_amd64.deb
    sha:5258cc549c451a44a59c926198cb44887e6ab074
  • alt-php80-sodium_8.0.30-54_amd64.deb
    sha:6ca09cb2c1ee0c8d4c9e7f195a86588478f11257
  • alt-php80-tidy_8.0.30-54_amd64.deb
    sha:4a5f9934edf203d0f37bb8ce237914e5534cffa8
  • alt-php80-xml_8.0.30-54_amd64.deb
    sha:35a65fb24e3578191b8d8336fc39abc57074cae6
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.