[CLSA-2026:1781799230] Fix CVE(s): CVE-2026-45447
Type:
security
Severity:
Critical
Release date:
2026-06-18 16:14:08 UTC
Description:
* SECURITY UPDATE: use-after-free in PKCS7_verify - debian/patches/openssl-1.1.1-cve-2026-45447.patch: free the BIO chain explicitly and stop at the caller-supplied indata BIO so a crafted PKCS#7 / S-MIME message with an empty digestAlgorithms ASN.1 SET can no longer make OpenSSL free a caller-owned BIO in PKCS7_verify() - CVE-2026-45447
CVEs fixed:
Updated packages:
  • alt-openssl_1.1.1w-3.5_amd64.deb
    sha:104ac0ba3788cb69f4d193ac87e8e9cffa511e84
  • alt-openssl-dev_1.1.1w-3.5_amd64.deb
    sha:b88df237bb726d094b114b2536825289d5c3fc01
  • alt-openssl-doc_1.1.1w-3.5_all.deb
    sha:b31d23b69db96fb68c5e7f16edec94ae5f39c264
  • alt-openssl-libs_1.1.1w-3.5_amd64.deb
    sha:3563f76deaf8534b6e243c3a0ad257827ea18a81
  • alt-openssl_1.1.1w-3.5_arm64.deb
    sha:1c5526230ac6b4f031b182a08f9551a11d271f22
  • alt-openssl-dev_1.1.1w-3.5_arm64.deb
    sha:4f82bf533e6767677d653ca7bf5e31c666a2cda3
  • alt-openssl-doc_1.1.1w-3.5_all.deb
    sha:b31d23b69db96fb68c5e7f16edec94ae5f39c264
  • alt-openssl-libs_1.1.1w-3.5_arm64.deb
    sha:65db022b8fdf77d5844f2723dfcf349d6d97a51b
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.