Release date:
2026-06-18 16:21:44 UTC
Description:
* SECURITY UPDATE: use-after-free in PKCS7_verify
- debian/patches/openssl-1.1.1-cve-2026-45447.patch: free the BIO chain
explicitly and stop at the caller-supplied indata BIO so a crafted
PKCS#7 / S-MIME message with an empty digestAlgorithms ASN.1 SET can no
longer make OpenSSL free a caller-owned BIO in PKCS7_verify()
- CVE-2026-45447
Updated packages:
-
alt-openssl_1.1.1w-3.5_amd64.deb
sha:7ddf8dd1802f37b0bc1665b569b56d46f646e392
-
alt-openssl-dev_1.1.1w-3.5_amd64.deb
sha:6541b14d52f50642a55decf6a45285abbbc8df42
-
alt-openssl-doc_1.1.1w-3.5_all.deb
sha:54db01ca5a3228aef47d0dd1b297fb694f01d8c3
-
alt-openssl-libs_1.1.1w-3.5_amd64.deb
sha:29cb3534014a64667c574e224cd1136954bd8dfa
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
