Explore top 10 tips to secure your open-source projects now. Read More
×
This update for php8 fixes the following issue
* CVE-2026-14355: The AES-WRAP-PAD algorithm implementation in OpenSSL
extension contains a buffer allocation flaw (bsc#1270351).
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.4
zypper in -t patch SUSE-2026-2880=1
* openSUSE Leap 15.4 (aarch64 i586 ppc64le s390x x86_64)
* php8-bcmath-debuginfo-8.0.30-150400.4.68.1
* php8-zip-debuginfo-8.0.30-150400.4.68.1
* php8-mysql-8.0.30-150400.4.68.1
* php8-pcntl-8.0.30-150400.4.68.1
* php8-bcmath-8.0.30-150400.4.68.1
* php8-embed-debuginfo-8.0.30-150400.4.68.1
* apache2-mod_php8-8.0.30-150400.4.68.1
* php8-openssl-debuginfo-8.0.30-150400.4.68.1
* php8-opcache-debuginfo-8.0.30-150400.4.68.1
* php8-sockets-debuginfo-8.0.30-150400.4.68.1
* php8-fileinfo-8.0.30-150400.4.68.1
* php8-phar-8.0.30-150400.4.68.1
* php8-ctype-debuginfo-8.0.30-150400.4.68.1
* php8-ftp-debuginfo-8.0.30-150400.4.68.1
* php8-fileinfo-debuginfo-8.0.30-150400.4.68.1
* php8-fpm-debuginfo-8.0.30-150400.4.68.1
* php8-bz2-debuginfo-8.0.30-150400.4.68.1
* php8-readline-debuginfo-8.0.30-150400.4.68.1
* php8-tidy-8.0.30-150400.4.68.1
* php8-phar-debuginfo-8.0.30-150400.4.68.1
* php8-calendar-8.0.30-150400.4.68.1
* php8-gettext-debuginfo-8.0.30-150400.4.68.1
* php8-xsl-8.0.30-150400.4.68.1
*...
Read the Full Advisory* bsc#1270351
## References:
* https://www.suse.com/security/cve/CVE-2026-14355.html
* https://bugzilla.suse.com/show_bug.cgi?id=1270351
Get the latest Linux and open source security news straight to your inbox.