[CLSA-2026:1780683040] openssl11: Fix of 9 CVEs
Type: security
Severity: Critical
Release date: 2026-06-06 00:05:01 UTC
Description:
- CVE-2021-3711: fix SM2 decryption buffer overflow; check the plaintext buffer is large enough when decrypting SM2; add extended tests for SM2
- CVE-2022-3996: fix X.509 policy constraints double-locking denial of service
- CVE-2023-0464: fix excessive resource use verifying X.509 policy constraints
- CVE-2023-0466: fix X509_VERIFY_PARAM_add0_policy() does not enable policy check
- CVE-2023-2650: restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt translates
- CVE-2024-13176: fix timing side-channel in ECDSA signature computation
- CVE-2024-5535: validate provided client list in SSL_select_next_proto
- CVE-2025-9230: fix out-of-bounds read and write in RFC 3211 KEK unwrap
- CVE-2025-69419: fix one-byte write-before-buffer in PKCS#12 BMPString conversion
- CVE-2025-69421: fix NULL dereference in PKCS12_item_decrypt_d2i_ex()
- CVE-2026-28387: fix use-after-free / double-free in dane_match()
- CVE-2026-28388: fix NULL dereference in check_delta_base()
- CVE-2026-28389: fix NULL dereference in dh/ecdh_cms_set_shared_info()
- CVE-2026-28390: fix NULL dereference in rsa_cms_decrypt()
Updated packages:
  • openssl11-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
    sha:0e097a49caebf7b38ae3296d686eb66f66d5909d708efd816a9b0341e6e1ab16
  • openssl11-devel-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
    sha:9caec2489a2e0cd673e0aa4c8274f9a5398c5eedd90cb8cef6667360479b345b
  • openssl11-libs-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
    sha:1ab2e3fbd81df175566d88492285dcd62582d5ea0ea9a8e013fc4b78079cd7d7
  • openssl11-static-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
    sha:80943a7e067a51e03003aba3cc74dd6b7b69e65be6347bce5ced2426de9b3c93
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.