[CLSA-2026:1784044379] Fix CVE(s): CVE-2026-14355
Type:
security
Severity:
Important
Release date:
2026-07-14 15:53:16 UTC
Description:
* SECURITY UPDATE: heap buffer overflow in openssl_encrypt() with AES key-wrap padding (aes-*-wrap-pad) ciphers - debian/patches/php-8.0-CVE-2026-14355.patch: reserve an extra EVP_CIPHER_block_size() block for EVP_CIPH_WRAP_MODE ciphers in php_openssl_cipher_update() (ext/openssl/openssl.c) so RFC 5649 wrap-with-padding output no longer overflows the zend_string buffer. - CVE-2026-14355
CVEs fixed:
Updated packages:
  • alt-php80_8.0.30-54_amd64.deb
    sha:375c9f6bb5a442d3e63597aa8b1602d44e981a23
  • alt-php80-bcmath_8.0.30-54_amd64.deb
    sha:e60ac1dd5f1bdfc192917cbf3c0301811655eb1c
  • alt-php80-cli_8.0.30-54_amd64.deb
    sha:116735dec643eee0366fb449b77f435d31497b3f
  • alt-php80-common_8.0.30-54_amd64.deb
    sha:b74cbba44870c80941a3e898248d4b8499699e00
  • alt-php80-dba_8.0.30-54_amd64.deb
    sha:16dc748e2e2c619b0aa5fbf95ec93f3e785b0760
  • alt-php80-dev_8.0.30-54_amd64.deb
    sha:6433daa3ef26ef4d1f9a325fbc49eb41c436fd61
  • alt-php80-enchant_8.0.30-54_amd64.deb
    sha:b7c329d619dfa5532e40902ce21a1f7139212f34
  • alt-php80-firebird_8.0.30-54_amd64.deb
    sha:9906f4e1d88e31f1024f0eaac8c1931f21623ff3
  • alt-php80-gd_8.0.30-54_amd64.deb
    sha:fc5abb500a16eee97a972cbe403c0f77142d12a1
  • alt-php80-imap_8.0.30-54_amd64.deb
    sha:6e251c850335bcf15f91d358af5c3c5e631edc56
  • alt-php80-intl_8.0.30-54_amd64.deb
    sha:a3f422ddaa8e42857d437d6656eeef120d9b9928
  • alt-php80-ldap_8.0.30-54_amd64.deb
    sha:324701c6da453649985aaca086c9cbb4167d1849
  • alt-php80-mbstring_8.0.30-54_amd64.deb
    sha:5ba9f90a0dd9b72a2c3626a1f0b7103ce3d8c81d
  • alt-php80-mysqlnd_8.0.30-54_amd64.deb
    sha:53257173a217f503de66ad4c401742e78f81821c
  • alt-php80-odbc_8.0.30-54_amd64.deb
    sha:9517e997d85fb8c4da70022b89b7ab4fb6c2bb20
  • alt-php80-opcache_8.0.30-54_amd64.deb
    sha:6df7eed35e2e21489acf3345135fd246503f8d76
  • alt-php80-pdo_8.0.30-54_amd64.deb
    sha:0215bcf29db9df70b2a6182e40d55d547f9840a2
  • alt-php80-pgsql_8.0.30-54_amd64.deb
    sha:ff83254ee0b315435f281f6a0c11036b84c74c45
  • alt-php80-php-fpm_8.0.30-54_amd64.deb
    sha:5b4fd80ab9e685733c73ffc67dbe72143d6f5957
  • alt-php80-process_8.0.30-54_amd64.deb
    sha:e8caa471f12be1d8b21ff9e70f1c82b5acdb6018
  • alt-php80-pspell_8.0.30-54_amd64.deb
    sha:7725c9f2a9e30d606ecea426685584b2eb374f32
  • alt-php80-snmp_8.0.30-54_amd64.deb
    sha:75d8d0ee558480a16ae250e34bfb4889b11d0a7d
  • alt-php80-soap_8.0.30-54_amd64.deb
    sha:40c64d627b0fe45d8fcb6e7fe131d2f657e599f3
  • alt-php80-sodium_8.0.30-54_amd64.deb
    sha:cbc8265dd2992bdf5ddb811a9dcf4a0317f07833
  • alt-php80-tidy_8.0.30-54_amd64.deb
    sha:74e6c94619f82104c5dec0056e801af60ffcf6e4
  • alt-php80-xml_8.0.30-54_amd64.deb
    sha:cb63938c7d2f9e4e4af96773fb621f5903572991
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.