Release date:
2026-06-18 16:19:13 UTC
Description:
* SECURITY UPDATE: use-after-free in PKCS7_verify
- debian/patches/openssl-1.1.1-cve-2026-45447.patch: free the BIO chain
explicitly and stop at the caller-supplied indata BIO so a crafted
PKCS#7 / S-MIME message with an empty digestAlgorithms ASN.1 SET can no
longer make OpenSSL free a caller-owned BIO in PKCS7_verify()
- CVE-2026-45447
Updated packages:
-
alt-openssl_1.1.1w-3.5_amd64.deb
sha:4dfa80e08714dc332aaeeba0ad853a430baf575e
-
alt-openssl-dev_1.1.1w-3.5_amd64.deb
sha:af80c343e37e5855f87a4f0d8730a3136d9b5dd2
-
alt-openssl-doc_1.1.1w-3.5_all.deb
sha:ed4078d3f402d3d34a952857901a8078daf2cc4f
-
alt-openssl-libs_1.1.1w-3.5_amd64.deb
sha:51162efa6724479cd5f28aee9ac96c7e1bb10496
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
