Release date:
2026-06-05 23:49:55 UTC
Description:
- CVE-2021-3711: fix SM2 decryption buffer overflow; check the plaintext buffer
is large enough when decrypting SM2; add extended tests for SM2
- CVE-2022-3996: fix X.509 policy constraints double-locking denial of service
- CVE-2023-0464: fix excessive resource use verifying X.509 policy constraints
- CVE-2023-0466: fix X509_VERIFY_PARAM_add0_policy() does not enable policy check
- CVE-2023-2650: restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt translates
- CVE-2024-13176: fix timing side-channel in ECDSA signature computation
- CVE-2024-5535: validate provided client list in SSL_select_next_proto
- CVE-2025-9230: fix out-of-bounds read and write in RFC 3211 KEK unwrap
- CVE-2025-69419: fix one-byte write-before-buffer in PKCS#12 BMPString conversion
- CVE-2025-69421: fix NULL dereference in PKCS12_item_decrypt_d2i_ex()
- CVE-2026-28387: fix use-after-free / double-free in dane_match()
- CVE-2026-28388: fix NULL dereference in check_delta_base()
- CVE-2026-28389: fix NULL dereference in dh/ecdh_cms_set_shared_info()
- CVE-2026-28390: fix NULL dereference in rsa_cms_decrypt()
Updated packages:
-
openssl11-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
sha:5605862a715fb4d161d0434ec15f735d22cf8644c0257f1a1f2a3765e96443f7
-
openssl11-devel-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
sha:2a402508b926ad377ef14ba8511438d0e42a2f3ff8eaf49f1aafe82fab5ac3d1
-
openssl11-libs-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
sha:e23045f632252d6b92bccdd88c29a789e051ab1f264c6042ccc4ab88c338c5f9
-
openssl11-static-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
sha:f2f234dcae289ce5c24b96dabb229b78f848e87e32daaea9f2653ea5aa20b32b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
