Release date:
2026-04-20 17:13:57 UTC
Description:
- CVE-2026-28387: fix use-after-free in DANE client code by using X509_free()
instead of OPENSSL_free() to properly release reference-counted X509 objects
- CVE-2026-28388: fix NULL pointer dereference when processing a delta CRL
that has a Delta CRL Indicator but lacks a CRL Number extension
- CVE-2026-28389: fix NULL pointer dereference in CMS KeyAgreeRecipientInfo
processing when KeyEncryptionAlgorithmIdentifier omits the optional
parameter field, by using safe X509_ALGOR_get0() extraction
- CVE-2026-28390: fix NULL pointer dereference in CMS KeyTransportRecipientInfo
processing when RSA-OAEP SourceFunc parameters are missing, by using safe
X509_ALGOR_get0() extraction and OPENSSL_memdup() for label data
Updated packages:
-
alt-openssl11-1.1.1w-3.3.el10.x86_64.rpm
sha:9bcf794f75a243e5b5c725fb5b7065c483ef6d1df740567399cc1234e0121b1a
-
alt-openssl11-devel-1.1.1w-3.3.el10.x86_64.rpm
sha:7889774450e880b8b9549921f80974155308eed9b0fe9b01714b3bc779feffeb
-
alt-openssl11-libs-1.1.1w-3.3.el10.x86_64.rpm
sha:bc2eb8e56bd5bc683b522346466eecf84aac1070e56d6a5994246fb8d685698e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
