Release date:
2026-06-05 17:56:20 UTC
Description:
- CVE-2021-3711: fix SM2 decryption buffer overflow; check the plaintext buffer
is large enough when decrypting SM2; add extended tests for SM2
- CVE-2022-3996: fix X.509 policy constraints double-locking denial of service
- CVE-2023-0464: fix excessive resource use verifying X.509 policy constraints
- CVE-2023-0466: fix X509_VERIFY_PARAM_add0_policy() does not enable policy check
- CVE-2023-2650: restrict the size of OBJECT IDENTIFIERs that OBJ_obj2txt translates
- CVE-2024-13176: fix timing side-channel in ECDSA signature computation
- CVE-2024-5535: validate provided client list in SSL_select_next_proto
- CVE-2025-9230: fix out-of-bounds read and write in RFC 3211 KEK unwrap
- CVE-2025-69419: fix one-byte write-before-buffer in PKCS#12 BMPString conversion
- CVE-2025-69421: fix NULL dereference in PKCS12_item_decrypt_d2i_ex()
- CVE-2026-28387: fix use-after-free / double-free in dane_match()
- CVE-2026-28388: fix NULL dereference in check_delta_base()
- CVE-2026-28389: fix NULL dereference in dh/ecdh_cms_set_shared_info()
- CVE-2026-28390: fix NULL dereference in rsa_cms_decrypt()
Updated packages:
-
openssl11-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
sha:f9b779108826b14020bbfc9b694c13afda70b5ca484f2ca3fc1f30052eb55758
-
openssl11-devel-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
sha:3c38f53dbba4d8c21752b70af81912b8e04936f2787b1758708393000fb1e988
-
openssl11-libs-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
sha:08eb84b15455449610462c4216157220ac1135721a2ee2af034877bade202f02
-
openssl11-static-1.1.1k-7.el7.tuxcare.els1.x86_64.rpm
sha:e8948978e75de189e65f482ca0e661f61cdc220f2acfd2ac339d71868d8a8f8b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
