Release date:
2026-06-05 17:56:22 UTC
Description:
- CVE-2021-3711: fix SM2 decryption buffer overflow; check the plaintext buffer
  is large enough when decrypting SM2; add extended tests for SM2
- CVE-2022-3996: fix X.509 policy constraints double-locking denial of service
- CVE-2023-0464: fix excessive resource use verifying X.509 policy constraints
- CVE-2023-0466: fix X509_VERIFY_PARAM_add0_policy() not enabling the policy check
- CVE-2023-2650: restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt translates
- CVE-2024-13176: fix timing side-channel in ECDSA signature computation
- CVE-2024-5535: validate provided client list in SSL_select_next_proto
- CVE-2025-9230: fix out-of-bounds read and write in RFC 3211 KEK unwrap
- CVE-2025-69419: fix one-byte write-before-buffer in PKCS#12 BMPString conversion
- CVE-2025-69421: fix NULL dereference in PKCS12_item_decrypt_d2i_ex()
- CVE-2026-28387: fix use-after-free / double-free in dane_match()
- CVE-2026-28388: fix NULL dereference in check_delta_base()
- CVE-2026-28389: fix NULL dereference in dh/ecdh_cms_set_shared_info()
- CVE-2026-28390: fix NULL dereference in rsa_cms_decrypt()
Updated packages:
- openssl11-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
  sha:6b953850613a54101c65f725912cc5a1e712ea7cd81ac9186e37da72d908a261
- openssl11-devel-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
  sha:3d27a92c1a5cc3c38ec44da0e9d879a455317c12d8937c1912bc087a532c6328
- openssl11-libs-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
  sha:86d64f667e3d2f65069799854d8b081bbb39512363aa019e699d53805b81cbf8
- openssl11-static-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
  sha:f5ec6e1579fe43be73ae2ced00612cb66fa755095b5cef6a6c9c5fd2b6e3cc98
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections, please contact the CloudLinux Packaging Team.