[CLSA-2026:1775149050] Fix CVE(s): CVE-2023-5678, CVE-2024-0727

Type:

security

Severity:

Moderate

Release date:

2026-04-02 16:57:35 UTC

Description:

   * SECURITY UPDATE: excessive time spent in DH check/generation with large Q
     - debian/patches/openssl-1.1.1-cve-2023-5678.patch: add bounds checks for
       excessively large Q parameter in DH_check_pub_key() and DH_generate_key()
     - CVE-2023-5678
   * SECURITY UPDATE: PKCS12 decoding crashes due to NULL pointer dereference
     - debian/patches/openssl-1.1.1-cve-2024-0727.patch: add NULL checks where
       ContentInfo data can be NULL in PKCS12/PKCS7 parsing functions
     - CVE-2024-0727

Updated packages:

alt-openssl_1.1.1w-3.2_amd64.deb
sha:d7bbc53b54d8b07e2a929cbabd6e375acb13d4e9
alt-openssl-dev_1.1.1w-3.2_amd64.deb
sha:5bf687f4e683067c5b85b8eaf5408fbf71c55c7e
alt-openssl-doc_1.1.1w-3.2_all.deb
sha:62f92886d8e749d723932c17128aa138f9111dee
alt-openssl-libs_1.1.1w-3.2_amd64.deb
sha:623fc57482f8ccbdd9f272c9772f6f2c7577b700

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.