{ "document": { "aggregate_severity": { "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2026-42769: fix CMP rootCaKeyUpdate trust-anchor substitution by adding\n the correct issuer to the chain, enabling self-signed signature checking,\n and guarding a NULL verify-param dereference", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/tuxcare9.6esu/advisories/2026/clsa-2026_1782386492.json" } ], "tracking": { "current_release_date": "2026-06-25T11:23:56Z", "generator": { "date": "2026-06-25T11:23:56Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1782386492", "initial_release_date": "2026-06-25T11:23:56Z", "revision_history": [ { "date": "2026-06-25T11:23:56Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "openssl: Fix of 13 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.6", "product": { "name": "AlmaLinux 9.6", "product_id": "AlmaLinux-9.6", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.6:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_name", "name": "Rocky Linux 9.6", "product": { "name": "Rocky Linux 9.6", "product_id": "Rocky Linux-9.6", "product_identification_helper": { "cpe": "cpe:2.3:o:resf:rocky_linux:9.6:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Rocky Linux" } ], "category": "vendor", "name": "Rocky Linux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "product": { "name": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "product_id": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-7.el9_6.tuxcare.1.els7?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "product": { "name": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "product_id": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-7.el9_6.tuxcare.1.els7?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "product": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "product_id": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-6.el9_6.1.tuxcare.6.els9?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "product": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "product_id": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-6.el9_6.1.tuxcare.6.els9?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "product": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "product_id": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-6.el9_6.1.tuxcare.6.els6?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "product": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "product_id": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-6.el9_6.1.tuxcare.6.els6?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "product": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "product_id": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-6.el9_6.1.tuxcare.6.els5?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "product": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "product_id": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-6.el9_6.1.tuxcare.6.els5?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "product": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "product_id": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-6.el9_6.1.tuxcare.6.els1?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "product": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "product_id": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-6.el9_6.1.tuxcare.6.els1?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "product": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "product_id": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-6.el9_6.1.tuxcare.6?arch=i686&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "product": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "product_id": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-6.el9_6.1.tuxcare.6?arch=i686&epoch=1" } } } ], "category": "architecture", "name": "i686" }, { "branches": [ { "category": "product_version", "name": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "product": { "name": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "product_id": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-7.el9_6.tuxcare.1.els7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "product": { "name": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "product_id": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-7.el9_6.tuxcare.1.els7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "product": { "name": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "product_id": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-perl@3.2.2-7.el9_6.tuxcare.1.els7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "product": { "name": "openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "product_id": "openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl@3.2.2-7.el9_6.tuxcare.1.els7?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "product": { "name": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "product_id": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-7.el9_6.tuxcare.1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "product": { "name": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "product_id": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-perl@3.2.2-7.el9_6.tuxcare.1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "product": { "name": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "product_id": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-7.el9_6.tuxcare.1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "product": { "name": "openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "product_id": "openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl@3.2.2-7.el9_6.tuxcare.1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "product": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "product_id": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-6.el9_6.1.tuxcare.6.els9?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "product": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "product_id": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl@3.2.2-6.el9_6.1.tuxcare.6.els9?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "product": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "product_id": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-6.el9_6.1.tuxcare.6.els9?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "product": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "product_id": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-perl@3.2.2-6.el9_6.1.tuxcare.6.els9?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "product": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "product_id": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-6.el9_6.1.tuxcare.6.els6?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "product": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "product_id": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-6.el9_6.1.tuxcare.6.els6?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "product": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "product_id": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-perl@3.2.2-6.el9_6.1.tuxcare.6.els6?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "product": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "product_id": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl@3.2.2-6.el9_6.1.tuxcare.6.els6?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "product": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "product_id": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-6.el9_6.1.tuxcare.6.els5?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "product": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "product_id": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl@3.2.2-6.el9_6.1.tuxcare.6.els5?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "product": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "product_id": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-6.el9_6.1.tuxcare.6.els5?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "product": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "product_id": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-perl@3.2.2-6.el9_6.1.tuxcare.6.els5?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "product": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "product_id": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-6.el9_6.1.tuxcare.6.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "product": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "product_id": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-6.el9_6.1.tuxcare.6.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "product": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "product_id": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-perl@3.2.2-6.el9_6.1.tuxcare.6.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "product": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "product_id": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl@3.2.2-6.el9_6.1.tuxcare.6.els1?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "product": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "product_id": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl@3.2.2-6.el9_6.1.tuxcare.6?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "product": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "product_id": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-libs@3.2.2-6.el9_6.1.tuxcare.6?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "product": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "product_id": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-perl@3.2.2-6.el9_6.1.tuxcare.6?arch=x86_64&epoch=1" } } }, { "category": "product_version", "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "product": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "product_id": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/openssl-devel@3.2.2-6.el9_6.1.tuxcare.6?arch=x86_64&epoch=1" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686" }, "product_reference": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686" }, "product_reference": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" }, "product_reference": "openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686" }, "product_reference": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686" }, "product_reference": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" }, "product_reference": "openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" }, "product_reference": "openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" }, "product_reference": "openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64" }, "product_reference": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64" }, "product_reference": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64" }, "product_reference": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64" }, "product_reference": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64" }, "product_reference": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64" }, "product_reference": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64" }, "product_reference": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64" }, "product_reference": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64" }, "product_reference": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64 as a component of AlmaLinux 9.6", "product_id": "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "relates_to_product_reference": "AlmaLinux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64" }, "product_reference": "openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64" }, "product_reference": "openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64" }, "product_reference": "openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "relates_to_product_reference": "Rocky Linux-9.6" }, { "category": "default_component_of", "full_product_name": { "name": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64 as a component of Rocky Linux 9.6", "product_id": "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64" }, "product_reference": "openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "relates_to_product_reference": "Rocky Linux-9.6" } ] }, "vulnerabilities": [ { "cve": "CVE-2026-34183", "cwe": { "id": "CWE-770", "name": "Allocation of Resources Without Limits or Throttling" }, "notes": [ { "category": "description", "text": "Issue summary: Remote peer may exhaust heap memory of the QUIC\nserver or client by flooding it with packets containing PATH_CHALLENGE\nframes.\nImpact summary: A malicious remote peer can cause an unbounded\nmemory allocation which can lead to an abnormal termination of the\napplication acting as a QUIC client or server and a Denial of Service.\nA remote peer may exhaust heap memory by flooding the local\nQUIC stack with PATH_CHALLENGE frames. The local QUIC stack\nallocates a PATH_RESPONSE frame for every PATH_CHALLENGE it receives.\nThe allocated PATH_RESPONSE frame gets freed only when the remote\npeer acknowledges reception of the PATH_RESPONSE frame which will\nnot be done by a malicious peer.\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by\nthis issue. The QUIC stack is outside of OpenSSL FIPS module\nboundary.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-34183" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-42769", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "description", "text": "Issue Summary: An error in the callback used to verify the certificate\nprovided in a Root CA key update Certificate Management Protocol (CMP)\nmessage response rendered the certificate validation ineffectual, which\ncould lead to escalation of credentials from the Registration Authority (RA)\nlevel to the root Certification Authority (root CA) level.\nImpact Summary: The Registration Autority could replace the root CA\ncertificate for the CMP clients with an arbitrary root CA certificate.\nOne of the parts of the Certificate Management Protocol (CMP), specified in\nRFC 9810, is Root Certification Authority (root CA) key Rollover,\nwhich is sent by the server in a message with type 'id-it-rootCaKeyUpdate'.\nAs part of these messages, 'newWithOld' certificate, the new root CA\ncertificate signed with the old root CA key, is provided, and verifying its\nsignature is crucial for transferring the trust from the old CA key to the\nnew one.\nThe 'id-it-rootCaKeyUpdate' messages are expected to be processed with\nOSSL_CMP_get1_rootCaKeyUpdate(), that is expected to verify the 'newWithOld'\ncertificate. A typo in the certificate chain building code led to adding\nan incorrect certificate ('newWithOld' instead of 'oldRoot') to the\ncertificate chain, rendering the certificate verification process ineffectual\n(only the issuer name and the algorithm OIDs were verified by other parts\nof the verification code).\nAn attacker who already has credentials that satisfy the CMP message\nprotection checks can generate a new key pair and use a crafted self-signed\ncertificate in its 'id-it-rootCaKeyUpdate' CMP messages which affected CMP\nclients would accept as a new trust anchor.\nSignificant preconditions for the attack (having valid RA-level credentials)\nare the reason the issue was assigned Low severity.\nThe FIPS modules are not affected by this issue, as the affected code is\noutside the OpenSSL FIPS module boundary.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-42769" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-7383", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "Issue summary: A signed integer overflow when sizing the destination\nbuffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap\nbuffer overflow.\nImpact summary: A heap buffer overflow may lead to a crash or possibly\nattacker controlled code execution or other undefined behaviour.\nIn ASN1_mbstring_copy() and ASN1_mbstring_ncopy() the destination\nsize for Unicode output is computed in a signed int: by left shift\nof the input character count for BMPSTRING (UTF-16) and\nUNIVERSALSTRING (UTF-32), and by summing per-character byte counts\nfor UTF8STRING. The calculation overflows when the input reaches\naround 2^30 characters. In the worst case (UNIVERSALSTRING at 2^30\ncharacters) the size wraps to zero, OPENSSL_malloc(1) is called, and\nthe subsequent character copy writes several gigabytes past the\none-byte allocation.\nX.509 certificate processing routes through ASN1_STRING_set_by_NID(),\nwhose DIRSTRING_TYPE mask excludes UNIVERSALSTRING and whose per-NID\nsize limits cap the input length; no network protocol or\ncertificate-handling path in OpenSSL exercises the overflow.\nTriggering the bug requires an application that calls\nASN1_mbstring_copy() or ASN1_mbstring_ncopy() directly, or registers\na custom string type via ASN1_STRING_TABLE_add(), with\nattacker-controlled input on the order of half a gigabyte or more.\nFor these reasons this issue was assigned Low severity.\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by\nthis issue, as the affected code is outside the OpenSSL FIPS module\nboundary.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-7383" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-45445", "cwe": { "id": "CWE-1204", "name": "Generation of Weak Initialization Vector (IV)" }, "notes": [ { "category": "description", "text": "Issue summary: When an application drives an AES-OCB context through the\npublic EVP_Cipher() one-shot interface, the application-supplied\ninitialisation vector (IV) is silently discarded.\nImpact summary: Every message encrypted under the same key uses the\nsame effective nonce regardless of the IV supplied by the caller,\nresulting in (key, nonce) reuse and loss of confidentiality. If the\nsame code path is used to compute the authentication tag, the tag\ndepends only on the (key, IV) pair and not on the plaintext or\nciphertext, allowing universal forgery of arbitrary ciphertext from a\nsingle captured message.\nOpenSSL provides two ways to drive a cipher: the documented streaming\ninterface (EVP_CipherUpdate / EVP_CipherFinal_ex) and a lower-level\none-shot, EVP_Cipher(), whose documentation explicitly recommends\nagainst use by applications in favour of EVP_CipherUpdate() and\nEVP_CipherFinal_ex(). The OCB provider's streaming handler flushes\nthe application-supplied IV into the OCB context before processing\ndata; the one-shot handler did not. Every call to EVP_Cipher() on an\nAES-OCB context therefore ran with the all-zero key-derived offset\nstate left by cipher initialisation, regardless of the caller's IV.\nIf EVP_EncryptFinal_ex() is subsequently used to obtain the\nauthentication tag, the deferred IV setup runs at that point and\nclears the running checksum that should have been accumulated over the\nplaintext. The resulting tag is a function of (key, IV) only and\nverifies against any ciphertext produced under the same (key, IV)\npair.\nThe OpenSSL SSL/TLS implementation is not affected: AES-OCB is not a\nTLS cipher suite, and libssl does not call EVP_Cipher() in any case.\nApplications that drive AES-OCB through the documented streaming AEAD\nAPI (EVP_CipherUpdate / EVP_CipherFinal_ex) are not affected. Only\napplications that combine the AES-OCB cipher with the EVP_Cipher()\none-shot API are vulnerable.\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by\nthis issue, as AES-OCB is outside the OpenSSL FIPS module boundary.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-45445" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2026-34180", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive\nelement whose content exceeds 2 gigabytes in length may cause a heap buffer\nover-read on 64-bit Unix and Unix-like platforms.\nImpact summary: The heap buffer over-read may crash the application (Denial of\nService) or to load into the decoded ASN.1 object contents of memory beyond the\nend of the input buffer. More typically such ASN.1 elements would instead be\ntruncated.\nAn integer truncation in OpenSSL's ASN.1 decoder causes the content length of\nan ASN.1 primitive element to be mishandled when it exceeds 2 gigabytes. In the\nworst case the truncated length is treated as a request to scan the binary\ncontent for a terminating zero byte, possibly causing OpenSSL to read either\nless than or beyond the end of the allocated buffer.\nApplications that pass attacker-supplied data to d2i_X509(), d2i_PKCS7(), or\nany other d2i_* decoding function are affected. OpenSSL's own command-line\ntools are not vulnerable, as data read through the BIO layer is checked before\nit reaches the affected code. The issue only affects 64-bit Unix and Unix-like\nplatforms; 32-bit platforms and 64-bit Windows are not affected.\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4 and 3.0 are not affected by this issue,\nas the affected code is outside the OpenSSL FIPS module boundary.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-34180" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-42768", "cwe": { "id": "CWE-205", "name": "Observable Behavioral Discrepancy" }, "notes": [ { "category": "description", "text": "Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to\nBleichenbacher-style attack when an attacker is able to provide the CMS or\nS/MIME messages and observe the error code and/or decryption output.\nImpact summary: The Bleichenbacher-style attack allows an attacker to use the\nvictim's vulnerable application as a way to decrypt or sign messages with the\nvictim's private RSA key.\nThe attack is possible in 2 variants.\n1. The decryption API (CMS_decrypt(), PKCS7_decrypt()) is used without\nproviding the recipient certificate. In this case OpenSSL iterates over every\nKeyTransRecipientInfo (KTRI) without stopping at the first success.\nAn attacker who authors a message with two KTRI entries — the first one\nwrapping a real CEK under the victim's public key, the second with an\narbitrary probe ciphertext — obtains opportunity to iterate the 2nd KTRI to\nget a valid PKCS#1 v1.5 padding if the error code of the application is\navailable.\nThat is a Bleichenbacher oracle (Bleichenbacher, CRYPTO '98): an\nadaptive-chosen-ciphertext side channel from which the attacker decrypts any\nRSA ciphertext to the victim's key or forges any PKCS#1 v1.5 signature under\nit.\n2. When the decryption API (CMS_decrypt(), PKCS7_decrypt()) is provided with\nthe recipient certificate, and the recipient is not found, a random\nkey is substituted.\nAn attacker who authors a message and is able to compare both error code and\nthe result of the decryption, can mount a Bleichenbacher oracle.\nWe are not aware of any applications that provide a remote attacker\nan opportunity to mount an attack described in these scenarios. We consider\nthe existence of such application very unlikely, and for this reason this\nCVE has been evaluated as Low severity.\nTo avoid these attacks, when RSA PKCS#1 v1.5 Key Transport is in use, the\ninvoked EVP_PKEY_decrypt() will use the implicit rejection mechanism described\nin draft-irtf-cfrg-rsa-guidance. In previous OpenSSL releases the implicit\nrejection was explicitly disabled.\nThe implicit rejection mechanism always returns a plaintext value,\nthe symmetric key. This result is deterministic for the ciphertext and the\nprivate key. The length of the decryption result can happen to match the\nlength of the key of the symmetric cipher that was used for the content\nencryption. When a certificate is not provided, the last RecipientInfo\nproducing a key that looks valid will be used. It may cause getting garbage\ncontent on decryption. As a proper way to deal with this a recipient\ncertificate has to be provided to identify the particular RecipientInfo for\ndecryption.\nThe FIPS modules in 4.0, 3.6, 3.5, and 3.4 are not affected by this issue, as\nCMS and S/MIME processing happens outside the OpenSSL FIPS module boundary.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-42768" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-34182", "cwe": { "id": "CWE-130", "name": "Improper Handling of Length Parameter Inconsistency" }, "notes": [ { "category": "description", "text": "Issue Summary: Cryptographic Message Services (CMS) processing fails to perform\nsufficient input validation on the cipher and tag length fields of\nAuthEnvelopedData containers, leading to various potential compromises.\nImpact Summary: Attackers making use of these vulnerabilities may achieve\nkey-equivalent functionality for a given CMS recipient and/or bypass integrity\nvalidation for a given message.\nIn one use case, an attacker may send a CMS message containing\nAuthEnvelopedData with the cipher specified as a non-AEAD cipher. OpenSSL\nerroneously allows this selection, and attempts to decrypt and validate the\nmessage.\nAn on-path attacker who captures one legitimate AES-GCM AuthEnvelopedData\naddressed to the victim can re-emit it with the recipientInfos set left\nbyte-for-byte intact, so the victim's private key still unwraps the genuine CEK\n(the content-encryption key), but with the inner OID rewritten to AES-256-OFB\n(Output Feedback Mode, an unauthenticated keystream mode) and with an\nattacker-chosen IV and ciphertext. The victim initializes AES-256-OFB under the\nreal CEK, never consults the MAC field, and CMS_decrypt() returns success.\nIf the application under attack responds to the attacker with any indicator\nshowing success or failure of the decryption effort, it is possible for the\nattacker to use this as an oracle to obtain key equivalent functionality for the\nCEK used for the chosen recipient of the message.\nIn another use case, an attacker can reduce the tag length of the chosen AEAD\ncipher for a given AuthEnvelopedData container to be a single byte long,\nallowing an attacker to brute force CMS decryption, producing an integrity\nbypass for applications that trust CMS_decrypt() to reject modified content.\nThe FIPS modules are not affected by this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-34182" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-45446", "cwe": { "id": "CWE-347", "name": "Improper Verification of Cryptographic Signature" }, "notes": [ { "category": "description", "text": "Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV\n(RFC 8452) mishandle the authentication of AAD (Additional Authenticated\nData) with an empty ciphertext allowing a forgery of such messages.\nImpact summary: An attacker can forge empty messages with arbitrary AAD\nto the victim's application using these ciphers.\nAES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) are nonce-misuse-resistant AEAD\nmodes: they accept a key, nonce, optional AAD (bytes that are authenticated\nbut not encrypted), and plaintext, and produces ciphertext plus a 16-byte\ntag. On decrypt, `EVP_DecryptFinal_ex()` is documented to return success only\nif the tag is verified succesfully.\nIn OpenSSL's provider implementation of these ciphers, the expected tag is\ncomputed only when decryption function is invoked with non-empty data.\nIf the caller supplies AAD and then calls `EVP_DecryptFinal_ex()` without\ninvocation of the ciphertext update, which can happen when the received\nciphertext length is zero, the tag is never recalculated and still holds its\nall-zeros value.\nWhen AES-GCM-SIV is used, an attacker who sends arbitrary AAD, empty\nciphertext, and all-zeros tag passes authentication under any key they do not\nknow, single-shot. When AES-SIV is used, for mounting the attack it's\nnecessary for the application to reuse the decryption context without\nresetting the key.\nAES-SIV is implemented since OpenSSL 3.0. AES-GCM-SIV is implemented since\nOpenSSL 3.2.\nNo protocols implemented in OpenSSL itself (TLS/CMS/PKCS7/HPKE/QUIC) support\neither AES-GCM-SIV or AES-SIV. To mount an attack, the applications must\nimplement their own protocol and use the EVP interface. Also they must skip the\nciphertext update when a message with an empty ciphertext arrives.\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as these algorithms are not FIPS approved and the affected code is\noutside the OpenSSL FIPS module boundary.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-45446" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] }, { "cve": "CVE-2026-9076", "cwe": { "id": "CWE-131", "name": "Incorrect Calculation of Buffer Size" }, "notes": [ { "category": "description", "text": "Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap)\nprocesses attacker-supplied CMS data, an attacker-chosen stream-mode KEK\ncipher can trigger a heap out-of-bounds read in kek_unwrap_key().\nImpact summary: A heap buffer over-read may trigger a crash which leads to\nDenial of Service for an application if the input buffer ends at a memory\npage boundary and the following page is unmapped. There is no information\ndisclosure as the over-read bytes are not revealed to the attacker.\nThe key unwrapping function performs a check-byte test as specified in the\nRFC that reads 7 bytes from a heap allocation that is based on the wrapped\nkey length from the message. There is a minimum length check based on the\nblock length of the wrapping cipher. However the cipher is selected from\nan OID carried in the attacker's PWRI keyEncryptionAlgorithm with no\nrequirement that the cipher be a block cipher. When an attacker selects\na stream-mode cipher the guard will be ineffective and the allocated buffer\ncontaining the unwrapped key can be too small to fit the check-bytes\nspecified in the RFC and a buffer over-read can happen.\nApplications calling CMS_decrypt() or CMS_decrypt_set1_password()\n(equivalently openssl cms -decrypt -pwri_password ...) on untrusted CMS\ndata are vulnerable to this issue. No password knowledge is required: the\nover-read happens during the unwrap attempt before any authentication\nsucceeds.\nThe over-read is limited to a few bytes and is not written to output, so\nthere is no information disclosure. Triggering a crash requires the\nallocation to border unmapped memory, which is unlikely with the normal\nallocator.\nThe FIPS modules are not affected by this issue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-9076" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-45447", "cwe": { "id": "CWE-825", "name": "Expired Pointer Dereference" }, "notes": [ { "category": "description", "text": "Issue summary: A specially crafted PKCS#7 or S/MIME signed message could\ntrigger a use-after-free during PKCS#7 signature verification.\nImpact summary: A use-after-free may result in process crashes, heap\ncorruption, or potentially remote code execution.\nWhen processing a PKCS#7 or S/MIME signed message, if the SignedData\ndigestAlgorithms field is present as an empty ASN.1 SET, OpenSSL may\nincorrectly free a caller-owned BIO during PKCS7_verify(). A subsequent\nuse of the BIO by the calling application results in a use-after-free\ncondition.\nIn the common case this occurs when the application later calls\nBIO_free() on the BIO originally passed to PKCS7_verify(). Depending\non allocator behavior and application-specific BIO usage patterns, this\nmay result in a crash or other memory corruption. In some application\ncontexts this may potentially be exploitable for remote code execution.\nApplications that process PKCS#7 or S/MIME signed messages using OpenSSL\nPKCS#7 APIs may be affected. Applications using the CMS APIs for this\nprocessing are not affected.\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-45447" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-42766", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "Issue summary: A specially crafted password-encrypted CMS message\ncan trigger a NULL pointer dereference during CMS decryption.\nImpact summary: This NULL pointer dereference leads to an application crash\nand a Denial of Service.\nThe CMS PasswordRecipientInfo.keyDerivationAlgorithm field is defined as\nOPTIONAL in the ASN.1 specification and may therefore be absent in specially\ncrafted inputs. During the password-based CMS decryption the OpenSSL\nCMS implementation dereferences this field without first checking whether it\nwas present.\nAn attacker who supplies such a CMS message to an application performing\npassword-based CMS decryption can trigger an application crash, leading to\na Denial of Service.\nApplications that process password-encrypted CMS messages may be affected.\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-42766" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-42770", "cwe": { "id": "CWE-354", "name": "Improper Validation of Integrity Check Value" }, "notes": [ { "category": "description", "text": "Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42)\npeer key, the peer key is not properly checked for the subgroup membership.\nImpact summary: A malicious peer which presents an X9.42 key carrying the\nvictim's p and g parameters, a forged q = r (a small prime factor of the\ncofactor (p−1)/q_local), and a public value Y of order r can recover the\nvictim's private key after a small number of key exchange attempts.\nWhen EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the\nsubgroup membership check Y^q ≡ 1 (mod p) is performed using the peer's\nown q parameter, not the local key's q. The peer's domain parameters are\nthen matched against the domain parameters of the private key, but the value\nof q is not compared.\nA malicious peer who presents an X9.42 key carrying the victim's p, g,\na forged q = r (a small prime factor of the cofactor), and a public\nvalue Y of order r passes all checks. The shared secret then takes only\nr distinct values, leaking priv mod r. Repeating for each small-prime\nfactor of the cofactor and combining via CRT recovers the full private\nkey (Lim–Lee / small-subgroup-confinement attack).\nThe realistic attack surface is narrow: principally CMP deployments with\nlong-lived RA/CA DHX keys and bespoke enterprise or government applications\nusing X9.42 DHX static keys with interactive protocols and therefore this\nissue was assigned Low severity.\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are affected by this\nissue.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-42770" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-42767", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "Issue summary: An attacker-controlled CMP (Certificate Management Protocol)\nserver could trigger a NULL pointer dereference in a CMP client application.\nImpact summary: A NULL pointer dereference causes a crash of the\napplication and a Denial of Service.\nAn attacker controlling a CMP server (or acting as a man-in-the-middle) could\ncraft a CMP response containing a CRMF (Certificate Request Message Format)\nCertRepMessage with an EncryptedValue structure where the symmAlg field\nhas an algorithm OID but no parameters field. When the OpenSSL CMP client\nprocesses this response, the NULL dereference occurs, causing a crash of\nthe CMP client.\nApplications that process untrusted CMP/CRMF messages may be affected.\nThe FIPS modules in 4.0, 3.6, 3.5, 3.4, and 3.0 are not affected by this\nissue, as the affected code is outside the OpenSSL FIPS module boundary.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "known_affected": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-42767" } ], "release_date": "2026-06-09T17:17:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-06-25T11:21:35.374001Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1782386492" }, { "category": "none_available", "date": "2026-06-09T17:17:00Z", "details": "Affected", "product_ids": [ "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els1.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els5.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.els9.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-6.el9_6.1.tuxcare.6.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "AlmaLinux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "AlmaLinux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "AlmaLinux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-devel-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.i686", "Rocky Linux-9.6:openssl-libs-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64", "Rocky Linux-9.6:openssl-perl-1:3.2.2-7.el9_6.tuxcare.1.els7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }