[CLSA-2026:1784021040] Fix CVE(s): CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 09:24:15 UTC
Description:
* CVE-2026-14355: openssl_encrypt() heap buffer overflow on AES key-wrap with padding (aes-*-wrap-pad, EVP_CIPH_WRAP_MODE). php_openssl_cipher_update() sized the output buffer as data_len + one cipher block, undersizing it for RFC 5649 padded wrap output (roundup(data_len, 8) + 8) and overflowing the zend_mm heap under OpenSSL 3.x. Reserve one extra block for wrap-mode ciphers. Backport of upstream php-src commit cbc0489126a7682796aad1e5fb4e51de74af162c (GH-22187).
CVEs fixed:
Updated packages:
  • alt-php81_8.1.34-23_amd64.deb
    sha:d62146bf9eb0f9cf1af9929d302d63fed9ee8bb1
  • alt-php81-bcmath_8.1.34-23_amd64.deb
    sha:9d0cc02b7f5f4d732155638f6151695861612549
  • alt-php81-cli_8.1.34-23_amd64.deb
    sha:7748cf236e90a0f4f914ec78f696283a937941a8
  • alt-php81-common_8.1.34-23_amd64.deb
    sha:55ab48538c73a41581c185d99398fe0952f3dbb6
  • alt-php81-dba_8.1.34-23_amd64.deb
    sha:4ade173496214714ced9b6ae0ee5b3baf53373f4
  • alt-php81-dev_8.1.34-23_amd64.deb
    sha:148d455eb324b25261025355b01c32c2ed85b600
  • alt-php81-enchant_8.1.34-23_amd64.deb
    sha:5d1a3b569d7b14564a5fba7cc09e287b70fd3d26
  • alt-php81-firebird_8.1.34-23_amd64.deb
    sha:2d5c267d9dc1f8c26fd22640d119558a6090ab1a
  • alt-php81-gd_8.1.34-23_amd64.deb
    sha:d5aa547b7654985e410a50d5ec95597fc4566418
  • alt-php81-imap_8.1.34-23_amd64.deb
    sha:3adf7483888b33adc2733750bb237a1b769a5e43
  • alt-php81-intl_8.1.34-23_amd64.deb
    sha:bb9d5d694ebd7e089afa47745d50e69a1d5fb728
  • alt-php81-ldap_8.1.34-23_amd64.deb
    sha:ce5c8697b79866b167ab18bf26cdfe4ea5a77881
  • alt-php81-mbstring_8.1.34-23_amd64.deb
    sha:9e11c1d05bb784ee0bd56a608ec55db0cb52b676
  • alt-php81-mysqlnd_8.1.34-23_amd64.deb
    sha:58723a3ba3ce3719a15e585a40a359187efe9dca
  • alt-php81-odbc_8.1.34-23_amd64.deb
    sha:5c7b310f67d306d409b09199c40fa33ebd5d9e17
  • alt-php81-opcache_8.1.34-23_amd64.deb
    sha:680204daee1fa90867fd7c580ca0e0d6a16bf9bc
  • alt-php81-pdo_8.1.34-23_amd64.deb
    sha:49f7b785df3bddaba29433f31ca486fb5ea9ddbc
  • alt-php81-pgsql_8.1.34-23_amd64.deb
    sha:648074e19a28e2a0143ec2948f926635464286ce
  • alt-php81-php-fpm_8.1.34-23_amd64.deb
    sha:5d83d393dd352f2e8a3a094cf9b5b9d306437daf
  • alt-php81-process_8.1.34-23_amd64.deb
    sha:481f83590391b9451bb2ab15742296fafd103e52
  • alt-php81-pspell_8.1.34-23_amd64.deb
    sha:e638ef97d5c22d34b59d280824d90b41334b3252
  • alt-php81-snmp_8.1.34-23_amd64.deb
    sha:682635c24a6115b70b939c44ce74fd9b69cc2050
  • alt-php81-soap_8.1.34-23_amd64.deb
    sha:4246907699f1867902fe3b8c9a2f60d077e2aab4
  • alt-php81-sodium_8.1.34-23_amd64.deb
    sha:77e4cf9de422a3893e844bad3124f2f52c61f3a7
  • alt-php81-tidy_8.1.34-23_amd64.deb
    sha:4436eb10f61e0437c86a4f2aaac5c03b31ec3625
  • alt-php81-xml_8.1.34-23_amd64.deb
    sha:d5c496f1303fe484ddba67463292287a785b9ccd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.